Title :
A memory efficient FPGA-based pattern matching engine for stateful NIDS
Author :
Tran Trung Hieu ; Ngoc Thinh Tran
Author_Institution :
Fac. of Comput. Sci. & Eng., HCMC Univ. of Technol., Ho Chi Minh City, Vietnam
Abstract :
Pattern matching task plays an important role in network security applications especially Network Intrusion Detection System (NIDS). The limitation of matching throughput on general purpose processor gives rise to implementation of the task on FPGA. In this paper, we introduce a memory efficient FPGA-based pattern matching engine. We bases on Deterministic Finite Automata (DFA) and propose some modifications to reduce redundant logic. The proposed design, with better memory utilization, is capable of dynamic update and compatible to stateful NIDS. The analysis of memory efficiency and the hardware implementation of proposed design are also provided in this paper. We experiment our approach on contemporary NIDS pattern sets and build a prototype to test on real network environment. The results show that our design could save up to 90% hardware resources compare to traditional approach. The matching engine is compatible to gigabit network and could achieve 2.7-3.2x speed up to software-based matching engine.
Keywords :
deterministic automata; field programmable gate arrays; finite state machines; pattern matching; security of data; DFA; FPGA-based pattern matching engine; NIDS; deterministic finite automata; general purpose processor; gigabit network; hardware implementation; memory efficiency; network intrusion detection system; network security applications; redundant logic; Engines; Field programmable gate arrays; Indexes; DFA; FPGA; FSM; NIDS; pattern matching;
Conference_Titel :
Ubiquitous and Future Networks (ICUFN), 2013 Fifth International Conference on
Conference_Location :
Da Nang
DOI :
10.1109/ICUFN.2013.6614821
