Title :
Multi-pattern signature matching for hardware network intrusion detection systems
Author :
Song, Haoyu ; Lockwood, John W.
Author_Institution :
Dept. of Comput. Sci. & Eng., Washington Univ., St. Louis, MO, USA
fDate :
28 Nov.-2 Dec. 2005
Abstract :
Network intrusion detection system (NIDS) performs deep inspections on the packet payload to identify, deter and contain the malicious attacks over the Internet. It needs to perform exact matching on multi-pattern signatures in real time. In this paper we introduce an efficient data structure called extended Bloom filter (EBF) and the corresponding algorithm to perform the multi-pattern signature matching. We also present a technique to support long signature matching so that we need only to maintain a limited number of supported signature lengths for the EBFs. We show that at reasonable hardware cost we can achieve very fast and almost time-deterministic exact matching for thousands of signatures. The architecture takes the advantages of embedded multi-port memories in FPGAs and can be used to build a full-featured hardware-based NIDS.
Keywords :
Internet; data structures; field programmable gate arrays; handwriting recognition; nonlinear filters; pattern matching; security of data; FPGA; Internet; data structure; extended Bloom filter; hardware network intrusion detection systems; malicious attacks; multipattern signature matching; packet payload; time-deterministic exact matching; Costs; Data structures; Hardware; IP networks; Information filtering; Information filters; Inspection; Intrusion detection; Matched filters; Payloads;
Conference_Titel :
Global Telecommunications Conference, 2005. GLOBECOM '05. IEEE
Print_ISBN :
0-7803-9414-3
DOI :
10.1109/GLOCOM.2005.1577937
