Title :
Intrusion Detection System Intended for Multigigabit Networks
Author :
Jan Korenek;Petr Kobiersky
Author_Institution :
Faculty of Information Technology, Brno University of Technology, Bo?et?chova 2, Brno, 612 66, Czech Republic. Email: korenek@fit.vutbr.cz
fDate :
4/1/2007 12:00:00 AM
Abstract :
Network intrusion detection systems (IDS) are becoming an important tool for securing critical information and infrastructure. Current software-based IDS often fails to keep up with high-speed network links so a hardware based IDS is requested. This paper deals with design and implementation of complete hardware accelerated IDS solution based on field-programmable gate array (FPGA). Core generator for automatic mapping of IDS rules to FPGA logic was designed to assure fast packet classification and high speed pattern matching. Proposed architecture has been evaluated on a COMB06X card with FPGA Virtex-II Pro. Using COMB06X card theoretical throughput 6.4 Gbps was achieved for all Snort rules. The designed system can be configured by rules described in Snort format using web interface.
Keywords :
"Intrusion detection","Pattern matching","Computer architecture","Field programmable gate arrays","Telecommunication traffic","Hardware","Throughput","Acceleration","Protocols","Network interfaces"
Conference_Titel :
Design and Diagnostics of Electronic Circuits and Systems, 2007. DDECS ´07. IEEE
Print_ISBN :
1-4244-1161-0
DOI :
10.1109/DDECS.2007.4295313
