Proceedings Article
Assisting network intrusion detection with reconfigurable hardware
Brad Hutchings, R. Franklin, D. Carver +2 more
- pp 111-120
TLDR
A module generator is developed that extracts strings from the Snort NIDS rule-set, generates a regular expression that matches all extracted strings, synthesizes an FPGA-based string matching circuit, and generates an EDIF netlist that can be processed by Xilinx software to create an FPGA bitstream.
Abstract:
String matching is used by Network Intrusion Detection Systems (NIDS) to inspect incoming packet payloads for hostile data. String-matching speed is often the main factor limiting NIDS performance. String-matching performance can be dramatically improved by using Field-Programmable Gate Arrays (FPGAs); accordingly, a "regular-expression to FPGA circuit" module generator has been developed. The module generator extracts strings from the Snort NIDS rule-set, generates a regular expression that matches all extracted strings, synthesizes an FPGA-based string matching circuit, and generates an EDIF netlist that can be processed by Xilinx software to create an FPGA bitstream. The feasibility of this approach is demonstrated by comparing the performance of the FPGA-based string matcher against the software-based GNU regex program. The FPGA-based string matcher exceeds the performance of the software-based system by 600x for large patterns.
Citations
Journal Article
Deep packet inspection using parallel bloom filters
TL;DR: This work describes a hardware-based technique using Bloom filters, which can detect strings in streaming data without degrading network throughput and queries a database of strings to check for the membership of a particular string.
Book
Reconfigurable Computing: The Theory and Practice of FPGA-Based Computation
Scott Hauck, André DeHon +1 more
TL;DR: This book is intended as an introduction to the entire range of issues important to reconfigurable computing, using FPGAs as the context, or "computing vehicles" to implement this powerful technology.
Proceedings Article
Fast and memory-efficient regular expression matching for deep packet inspection
TL;DR: In this article, the authors proposed regular expression rewrite techniques that can effectively reduce memory usage and developed a grouping scheme that can strategically compile a set of regular expressions into several engines, resulting in remarkable improvement of regular expression matching speed without much increase in memory usage.
Journal Article
Reconfigurable computing: architectures and design methods
Tim Todman, George A. Constantinides, Steven J. E. Wilton, Oskar Mencer, Wayne Luk, Peter Y. K. Cheung +5 more
TL;DR: It is shown that reconfigurable computing designs are capable of achieving up to 500 times speedup and 70% energy savings over microprocessor implementations for specific applications.
Tools and Algorithms for the Construction and Analysis of Systems, 7th International Conference, TACAS 2001, Genova, Italy, April 2-6, 2001
Tiziana Margaria, Wang Yi +1 more
TL;DR: This dissertation would like to discuss in detail the development of and use of the Erlang Verification Tool, a tool for Computer-Aided Analysis and Validation of Abstract State Machine Models, and its applications.
References
Proceedings Article
Snort - Lightweight Intrusion Detection for Networks
TL;DR: Snort provides a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alerts system administrators when potential hostile traffic is detected.
Proceedings Article
Fast Regular Expression Matching Using FPGAs
TL;DR: An efficient method for finding matches to a given regular expression in given text using FPGAs, based on the Nondeterministic Finite Automaton, the first practical use of a nondeterministic state machine on programmable logic.
Proceedings Article
JHDL-an HDL for reconfigurable systems
P. Bellows, Brad Hutchings +1 more
TL;DR: JHDL is a design tool for reconfigurable systems that allows designers to express circuit organizations that dynamically change over time in a natural way, using only standard programming abstractions found in object-oriented languages.
Proceedings Article
Towards faster string matching for intrusion detection or exceeding the speed of Snort
TL;DR: The effectiveness of a significantly faster approach to pattern matching in the open source NIDS Snort is described, which can keep up with increasing network speeds and traffic.
Proceedings Article
Teramac-configurable custom computing
TL;DR: A configurable custom computing engine, based on field programmable gate arrays, to enable experiments on an interesting scale, using Teramac to conduct experiments with special purpose processors involving search of nontext databases.