Title :
One Algorithm to Match Them All: On a Generic NIPS Pattern Matching Algorithm
Author :
Weinsberg, Yaron ; Tzur-David, Shimrit ; Dolev, Danny ; Anker, Tal
Author_Institution :
Hebrew Univ. Of Jerusalem, Jerusalem
fDate :
May 30 2007-June 1 2007
Abstract :
Today´s network intrusion prevention systems (NIPS) provide an important defense mechanism against security threats. The detection of network attacks utilizes a highspeed pattern matching algorithm that can be implemented in either hardware or software. Adapting a software-based pattern matching algorithm to hardware-based device is a complicated task. This paper presents a cost effective multi-pattern matching algorithm based on Field Programmable Gate Arrays (FPGAs) and standard RAM. The algorithm achieves line-rate speed, which is several orders of magnitude faster than the current state of the art, while attaining similar accuracy of detection. The algorithm can be easily adapted to operate in hardware-based NIPS and attain even higher speed by utilizing a TCAM memory.
Keywords :
field programmable gate arrays; pattern matching; random-access storage; security of data; telecommunication security; RAM; field programmable gate array; multipattern matching algorithm; network intrusion prevention system; random access storage; software-based pattern matching; Costs; Engines; Field programmable gate arrays; Hardware; Home appliances; Pattern matching; Random access memory; Read-write memory; Software algorithms; Telecommunication traffic;
Conference_Titel :
High Performance Switching and Routing, 2007. HPSR '07. Workshop on
Conference_Location :
Brooklyn, NY
Print_ISBN :
1-4244-1206-4
Electronic_ISBN :
1-4244-1206-4
DOI :
10.1109/HPSR.2007.4281234
