Title :
SPP-NIDS - A Sea of Processors Platform for Network Intrusion Detection Systems
Author :
Caruso, Luís Carlos ; Guindani, Guilherme ; Schmitt, Hugo ; Calazans, Ney ; Moraes, Fernando
Author_Institution :
PUCRS, Porto Alegre
Abstract :
A widely used approach to avoid network intrusion is SNORT, an open source network intrusion detection system (NIDS). This work describes SPP-NIDS, an architecture for intrusion detection supporting SNORT rules. SPP-NIDS is attractive to real-world network intrusion detection, due to its scalability, flexibility and performance features. A parameterizable cluster of simple processors provides system scalability. Hardware NIDSs described in the literature often employ hardwired comparators to verify if the incoming network traffic has data potentially containing intrusion attacks. Such NIDSs must be re-synthesized when a new set of rules is available, which happens frequently. In SPP-NIDS, the rule set defining network intrusion patterns is stored in RAM, enabling its straightforward upgrade. The proposed system, when implemented in a 2-million gate FPGA, is able to work at a 100 Mbps network data rate, using the complete set of SNORT rules. If more performance is required, it suffices to scale the system by adding extra processors.
Keywords :
computer networks; security of data; telecommunication security; telecommunication traffic; SNORT rule; SPP-NIDS; hardwired comparator; network traffic; open source network intrusion detection system; Conferences; Intrusion detection; Prototypes;
Conference_Title :
Rapid System Prototyping, 2007. RSP 2007. 18th IEEE/IFIP International Workshop on
Conference_Location :
Porto Alegre
Print_ISBN :
0-7695-2834-1
DOI :
10.1109/RSP.2007.35