Super fast hardware string matching

With the appearance of multi-gigabit network infrastructure, a typical network intrusion detection system (NIDS) has to cope with the network speed. By examining each packet flowing through a network segment, suspicious packets are detected and reported to assure security. Up to 57% of the execution...

Full description

Saved in:
Bibliographic Details
Main Authors: Dan Lo, Chia-Tien, Tai, Yi-gang, Psarris, Kleanthis, Hwang, Wen-jyi
Format: Conference Proceeding
Language:English
Subjects:
Bandwidth
Computer networks
Computer science
Data communication
Event detection
Field programmable gate arrays
Hardware
Information security
Intrusion detection
Software performance
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the appearance of multi-gigabit network infrastructure, a typical network intrusion detection system (NIDS) has to cope with the network speed. By examining each packet flowing through a network segment, suspicious packets are detected and reported to assure security. Up to 57% of the execution time in a NIDS is found to compare string against a predefined/known pattern. It is hard to implement a multi-gigabit performance NIDS without hardware support. This paper proposes a very high speed string matching algorithm which can be easily implemented into FPGAs. The parallel matching design takes a segment of text from the payload of a packet and detects all possible tokens including those crossing text segment boundaries. Simulation results show a throughput of 23.43 Gbps with a moderate operating frequency of 366.2 MHz
DOI:10.1109/FPT.2006.270354