Advertisement

Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs

  • Zachary K. Baker
  • Viktor K. Prasanna
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3203)

Abstract

This paper presents a tool for automatic synthesis of highly efficient intrusion detection systems using a high-level, graph-based partitioning methodology, and tree-based lookahead architectures. Intrusion detection for network security is a compute-intensive application demanding high system performance. This tool automates the creation of efficient FPGA architectures using system-level optimizations, a relatively unexplored field in this area. The pre-design tool allows for more efficient communication and extensive reuse of hardware components for dramatic increases in area-time performance. The tool is available online for public use.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Hutchings, B.L., Franklin, R., Carver, D.: Assisting Network Intrusion Detection with Reconfigurable Hardware. In: Proceedings of FCCM 2002 (2002)Google Scholar
  2. 2.
    Cho, Y., Mangione-Smith, W.H.: Deep Packet Filter with Dedicated Logic and Read Only Memories. In: The Twelfth Annual IEEE Symposium on Field Programmable Custom Computing Machines 2004, FCCM 2004 (2004)Google Scholar
  3. 3.
    Sourdis, I., Pnevmatikatos, D.: A Methodology for the Synthesis of Efficient Intrusion Detection Systems on FPGAs. In: The Twelfth Annual IEEE Symposium on Field Programmable Custom Computing Machines 2004, FCCM 2004 (2004)Google Scholar
  4. 4.
    Gokhale, M., Dubois, D., Dubois, A., Boorman, M., Poole, S., Hogsett, V.: Granidt: Towards Gigabit Rate Network Intrusion Detection. In: Glesner, M., Zipf, P., Renovell, M. (eds.) FPL 2002. LNCS, vol. 2438, p. 404. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Moscola, J., Lockwood, J., Loui, R.P., Pachos, M.: Implementation of a Content- Scanning Module for an Internet Firewall. In: Proceedings of FCCM 2003 (2003)Google Scholar
  6. 6.
    Sourcefire: Snort: The Open Source Network Intrusion Detection System (2003), http://www.snort.org
  7. 7.
    Hogwash Intrusion Detection System (2004), http://hogwash.sourceforge.net/
  8. 8.
    Global Velocity (2004), http://www.globalvelocity.info/
  9. 9.
    Clark, C.R., Schimmel, D.E.: Scalable Parallel Pattern Matching on High Speed Networks. In: The Twelfth Annual IEEE Symposium on Field Programmable Custom Computing Machines 2004, FCCM 2004 (2003)Google Scholar
  10. 10.
    Clark, C.R., Schimmel, D.E.: Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns. In: Y. K. Cheung, P., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Cho, Y.H., Navab, S., Mangione-Smith, W.H.: Specialized Hardware for Deep Network Packet Filtering. In: Glesner, M., Zipf, P., Renovell, M. (eds.) FPL 2002. LNCS, vol. 2438, p. 452. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Sourdis, I., Pnevmatikatos, D.: Fast, Large-Scale String Match for a 10Gbps FPGA-Based Network Intrusion Detection System. In: Y. K. Cheung, P., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Baker, Z.K., Prasanna, V.K.: A Methodology for the Synthesis of Efficient Intrusion Detection Systems on FPGAs (2004) (accepted for publication at FCCM 2004)Google Scholar
  14. 14.
    Baker, Z.K., Prasanna, V.K.: Time and Area Efficient Pattern Matching on FPGAs. In: Proceedings of FPGA 2004 (2004)Google Scholar
  15. 15.
    Karypis, G., Aggarwal, R., Schloegel, K., Kumar, V., Shekhar, S.: METIS Family of Multilevel Partitioning Algorithms (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Zachary K. Baker
    • 1
  • Viktor K. Prasanna
    • 1
  1. 1.University of Southern CaliforniaLos AngelesUSA

Personalised recommendations