Title :
Performance of FPGA implementation of bit-split architecture for intrusion detection systems
Author :
Jung, Hong-Jip ; Baker, Zachary K. ; Prasanna, Viktor K.
Author_Institution :
Southern California Univ., Los Angeles, CA, USA
Abstract :
The use of reconfigurable hardware for network security applications has recently made great strides as field-programmable gate array (FPGA) devices have provided larger and faster resources. The performance of an intrusion detection system is dependent on two metrics: throughput and the total number of patterns that can fit on a device. In this paper, we consider the FPGA implementation details of the bit-split string-matching architecture. The bit-split algorithm allows large hardware state machines to be converted into a form with much higher memory efficiency. We extend the architecture to satisfy the requirements of the IDS state-of-the-art. We show that the architecture can be effectively optimized for FPGA implementation. We have optimized the pattern memory system parameters and developed new interface hardware for communicating with an external controller. The overall performance (bandwidth * number of patterns) is competitive with other memory-based string matching architectures implemented in FPGA.
Keywords :
field programmable gate arrays; reconfigurable architectures; security of data; string matching; telecommunication security; bit-split string-matching architecture; field-programmable gate array; hardware state machine; interface hardware; intrusion detection system; network security; pattern memory system parameter; reconfigurable hardware; Bandwidth; Computer architecture; Control systems; Field programmable gate arrays; Hardware; Intrusion detection; Memory architecture; Pattern matching; Software performance; Throughput;
Conference_Titel :
Parallel and Distributed Processing Symposium, 2006. IPDPS 2006. 20th International
Print_ISBN :
1-4244-0054-6
DOI :
10.1109/IPDPS.2006.1639434
