Design and Implementation of a Multi-gigabit Intrusion and Virus/Worm Detection System

In order to support a line-speed intrusion detection, a hardware-based solution for an intrusion detection is required, because the traditional Intrusion Detection System (IDS) based on software does not provide enough performance. In this paper, we have proposed a network processor based intrusion detection system supporting up to a 10 Gbps interfaces with deep packet inspection. To achieve higher performance, we have employed a Ternary Content Addressable Memory (TCAM) and invented a parallel TCAM accessing scheme with storing all position-aware sub-patterns in TCAM. In addition, the parallel TCAM access is applicable to the multi-packet inspection and plenty of very large patterns such as virus and worm signatures. With various experimental results, we have clearly justified the proposed algorithm works well for a multi-gigabit intrusion and virus/worm detection system.