Efficient Logic Circuit for Network Intrusion Detection

  • Huang-Chun Roan
  • Chien-Min Ou
  • Wen-Jyi Hwang
  • Chia-Tien Dan Lo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4096)

Abstract

A novel architecture for a hardware-based network intrusion detection system (NIDS) is presented in this paper. The system adopts an FPGA-based signature match co-processor as a core for the NIDS. The signature matcher is based on an algorithm that employs simple shift registers, or-gates, and ROMs in which patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of network intrusion detection.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    SNORT official web site, http://www.snort.org
  2. 2.
    Ramirez, T., Lo, C.D.: Rule set decomposition for hardware network intrusion detection. In: The 2004 International Computer Symposium (ICS 2004) (2004)Google Scholar
  3. 3.
    Gokhale, M., Dubois, D., Dubois, A., Boorman, M., Poole, S., Hogsett, V.: Granidt: towards gigabit rate network intrusion detection technology. In: Proceedings of the International Conference on Field Programmable Logic and Application, pp. 404–413 (2002)Google Scholar
  4. 4.
    Hutchings, B.L., Franklin, R., Carver, D.: Assisting network intrusion detection with reconfigurable hardware. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 111–120 (2002)Google Scholar
  5. 5.
    Singaraju, J., Bu, L., Chandy, J.A.: A signature match processor architecture for network intrusion detection. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 235–242 (2005)Google Scholar
  6. 6.
    Sourdis, I., Pnevmatikatos, D.N.: Pre-decoded cams for efficient and high-speed nids pattern matching. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 258–267 (2004)Google Scholar
  7. 7.
    Moscola, J., Lockwood, J.W., Loui, R.P., Pachos, M.: Implementation of a content-scanning module for an internet firewall. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 31–38 (2003)Google Scholar
  8. 8.
    Baeza-Tates, R., Gonnet, G.: A new approach to text searching. Communications of the ACM 35, 74–82 (1992)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Huang-Chun Roan
    • 1
  • Chien-Min Ou
    • 2
  • Wen-Jyi Hwang
    • 1
  • Chia-Tien Dan Lo
    • 3
  1. 1.Graduate Institute of Computer Science and Information EngineeringNational Taiwan Normal UniversityTaipeiTaiwan
  2. 2.Department of Electronics EngineeringChing Yun UniversityChungliTaiwan
  3. 3.Department of Computer ScienceUniversity of Texas at San AntonioSan AntonioUSA

Personalised recommendations