FPGA-Based Parallel Pattern Matching Algorithm for Network Intrusion Detection System

被引:5
作者
Yu, Jing [1 ]
Yang, Bo [1 ]
Sun, Ruiyuan [1 ]
Chen, Zhenxiang [1 ]
机构
[1] Univ Jinan, Sch Informat Sci & Engn, Jinan, Peoples R China
来源
MINES 2009: FIRST INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY, VOL 2, PROCEEDINGS | 2009年
关键词
pattern matching; parallel; FPGA; NIDS;
D O I
10.1109/MINES.2009.64
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Pattern matching is the critical part in Network Intrusion Detection System (NIDS). Fast pattern matching algorithm is the key to improve the system performance. In this paper, a fast reverse pattern matching algorithm and the hardware implementation suitable with Field Programmable Gate Array (FPGA) are proposed. Taking advantage of the parallelism and programmability of FPGA, this design reduces the pattern match delay greatly. This design is implemented in a NetFPGA platform, which is an open hardware platform optimized for high-speed network. The parallel pattern matching system provides a high throughput of 4 Gbps with no data loss, which proves the information processing rate of this design.
引用
收藏
页码:458 / 461
页数:4
相关论文
共 13 条
[1]   EFFICIENT STRING MATCHING - AID TO BIBLIOGRAPHIC SEARCH [J].
AHO, AV ;
CORASICK, MJ .
COMMUNICATIONS OF THE ACM, 1975, 18 (06) :333-340
[2]  
ALDWAIRI M, 2005, ACM SIGARCH COMPUTER, V33, P99
[3]  
Baker Z., 2004, P 2004 ACMSIGDA 12 I, P223
[4]   FAST STRING SEARCHING ALGORITHM [J].
BOYER, RS ;
MOORE, JS .
COMMUNICATIONS OF THE ACM, 1977, 20 (10) :762-772
[5]   Deep packet filter with dedicated logic and read only memories [J].
Cho, YH ;
Mangione-Smith, WH .
12TH ANNUAL IEEE SYMPOSIUM ON FIELD-PROGRAMMABLE CUSTOM COMPUTING MACHINES, PROCEEDINGS, 2004, :125-134
[6]  
Cong J., 2008, PATTERN BASED BEHAV, P107
[7]  
KNUTH DE, 1974, SIAM J COMPUT, P323
[8]  
KUMAR S, 2006, COMPUT COMMUN REV, P11
[9]  
MITRA M, 2007, ACM IEEE S ARCH NETW, P127
[10]  
*NETFPGA, 2009, LIN RAT FLEX OP PLAT
12