Title :
Super fast hardware string matching
Author :
Chia-Tien Dan Lo ; Tai, Yi Gang ; Psarris, Kleanthis ; Hwang, Wen Jyi
Author_Institution :
Dept. of Comput. Sci., Texas Univ., San Antonio, TX
Abstract :
With the appearance of multi-gigabit network infrastructure, a typical network intrusion detection system (NIDS) has to cope with the network speed. By examining each packet flowing through a network segment, suspicious packets are detected and reported to assure security. Up to 57% of the execution time in a NIDS is found to compare string against a predefined/known pattern. It is hard to implement a multi-gigabit performance NIDS without hardware support. This paper proposes a very high speed string matching algorithm which can be easily implemented into FPGAs. The parallel matching design takes a segment of text from the payload of a packet and detects all possible tokens including those crossing text segment boundaries. Simulation results show a throughput of 23.43 Gbps with a moderate operating frequency of 366.2 MHz
Keywords :
field programmable gate arrays; logic design; parallel processing; security of data; string matching; 23.43 Gbit/s; 366.2 MHz; FPGA; multi-gigabit network infrastructure; network intrusion detection system; network speed; parallel matching design; string matching algorithm; Bandwidth; Computer networks; Computer science; Data communication; Event detection; Field programmable gate arrays; Hardware; Information security; Intrusion detection; Software performance;
Conference_Titel :
Field Programmable Technology, 2006. FPT 2006. IEEE International Conference on
Conference_Location :
Bangkok
Print_ISBN :
0-7803-9729-0
Electronic_ISBN :
0-7803-9729-0
DOI :
10.1109/FPT.2006.270354
