Title :
A Method of Generating Highly Efficient String Matching Circuit for Intrusion Detection
Author :
Katashita, Toshihiro ; Maeda, Atsusi ; Toda, Kenji ; Yamaguchi, Yoshinori
Author_Institution :
National Inst. of Adv. Ind. Sci. & Technol., Tsukuba
Abstract :
This paper proposes a method of generating a lightweight, scalable NFA-based string matching circuit by eliminating redundant resources. String matching circuits have been studied extensively for intrusion detection systems. The NFA-based string matching circuit, one such design, allows the processing data width to be expanded. Due to its huge hardware requirement, it was difficult to implement an NFA-based string matching circuit that holds the whole Snort 2.3.3 rule set (35461 characters) and processes at 10 Gbps on a single FPGA. To reduce the circuit area, we eliminate redundant states of the NFA with the Aho-Corasick approach and redundant AND-gates in the NFA. Consequently, our method reduces the resource requirements by over 50% compared with previous NFA-based circuits, and the synthesis result shows that a matching circuit that includes the whole Snort 2.3.3 rule set can be implemented on a single Xilinx Virtex-II Pro xc2vp-100 with throughput over 10 Gbps.
Keywords :
field programmable gate arrays; logic design; security of data; 10 Gbit/s; Aho-Corasick approach; FPGA; Snort 2.3.3 rule; Xilinx Virtex-II pro xc2vp-100; field programmable gate arrays; intrusion detection systems; nondeterministic finite automaton; redundant AND-gates; scalable NFA-based string matching circuit; Circuit synthesis; Clocks; Data processing; Electronics industry; Field programmable gate arrays; Hardware; Industrial electronics; Intrusion detection; Network synthesis; Throughput;
Conference_Title :
Field Programmable Logic and Applications, 2006. FPL '06. International Conference on
Conference_Location :
Madrid
Print_ISBN :
1-4244-0312-X
DOI :
10.1109/FPL.2006.311317