Analysis and Performance Evaluation of Application Specific Processors for Network-Based Intrusion Detection Systems

  • Majid Nezakatolhoseini
  • Sam Jabbehdari
  • Mohammad Ali Pourmina
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 176)


By growing and development of computer networks and generalizing the use of modern services on the information platform, the importance of communication and information security is considered more than the other times by network representations and users. Presented reports by response computer incident different groups show the wide growth of computer attacks in the recent years. In this case Network Intrusion Detection Systems (NIDS) as one of the Intrusion Detection System (IDS) types, are be transformed to the utilization systems for establishing the security levels and detecting the illegal activities in the network. This research includes an IDS which is written in C programming language that uses 15597 Snort rules and MIT Lincoln Lab network traffic. By running this security application on the V850, OR1K, MIPS32, ARM7TDMI and PowerPC32 microprocessors, their performance can be evaluated. For increasing the performance in this research, the GNU Compiler Collection (GCC) optimization levels are used and at the end, base on O2 optimization level a new combination of optimization flags is presented which the performance of ARM7TDMI microprocessor is increased.


Intrusion Detection Bloom Filter Attack Signature Attack Pattern Defense Advance Research Project Agency 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, J.P.: Computer security threat monitoring and surveillance. Technical report. James P. Anderson Company, Fort Washington, Pennsylvania (April 1980)Google Scholar
  2. 2.
    Denning, D.: An intrusion-detection model. IEEE Transactions on Software Engineering 13(2), 222–232 (1987)CrossRefGoogle Scholar
  3. 3.
    Sourcefire. Snort: The Open Source Network Intrusion Detection System (2009),
  4. 4.
    Jason Coit, C., Staniford, S., McAlerney, J.: Towards Faster String Matching for Intrusion Detection or Exceeding the Speed of Snort. In: DARPA Information Survivability Conference and Exposition (DISCEX II 2001), vol. 1, p. 367 (2001)Google Scholar
  5. 5.
    Moscola, J., Lockwood, J., Loui, R.P., Pachos, M.: Implementation of a Content-Scanning Module for an Internet Firewall. In: Proceedings of FCCM 2003 (April 2003)Google Scholar
  6. 6.
    Kumar, S., et al.: Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection. In: ACM SIGCOMM 2006, Pisa, Italy, September 12-15 (2006)Google Scholar
  7. 7.
    Lu, H., Zheng, K., Liu, B., Zhang, X., Liu, Y.: A Memory-Efficient Parallel String Matching Architecture for High Speed Intrusion Detection. IEEE Journal on Selected Areas in Communications 24(10) (October 2006)Google Scholar
  8. 8.
    Kumar, S., Turner, J., Williams, J.: Advanced algorithms for fast and scalable deep packet inspection. In: Proc. of ACM/IEEE Symposium on Architecture for Networking and Sommunications Systems (ANCS 2006), pp. 81–92. ACM Press, New York (2006)CrossRefGoogle Scholar
  9. 9.
    Jiang, J., Wang, X., He, K., Liu, B.: Parallel Architecture for High Throughput DFA-Based Deep Packet Inspection. In: Proc. of IEEE Int. Conf. on Communications (ICC), pp. 23–27 (May 2010)Google Scholar
  10. 10.
    Song, T., Wang, D.: Another CDFA Based Multi-Pattern Matching Algorithm and Architecture for Packet Inspection. In: Proc. of 20th Int. Conf. on Computer Communications and Networks, ICCCN (2011)Google Scholar
  11. 11.
    Dharmapurikar, S., Krishnamurthy, P., Sproull, T., Lockwood, J.: Implementation of a Deep Packet Inspection Ciruit using Parallel Bloom Filters in Reconfigurable Hardware. In: Proceedings of HOTi 2003 (2003)Google Scholar
  12. 12.
    Sidhu, R., Mei, A., Prasanna, V.K.: String Matching on Multicontext FPGAs using Self-Reconfiguration. In: Proceedings of FPGA 2003 (February 1999)Google Scholar
  13. 13.
    Lee, T.H.: Hardware architecture for high-performance regular expression matching. IEEE Trans. on Computers (July 2009)Google Scholar
  14. 14.
    Lin, C.-H.: Hybrid memory architecture for regular expression matching. In: 52nd IEEE International Midwest Symposium on Circuits and Systems, MWSCAS, pp. 1159–1162 (2009)Google Scholar
  15. 15.
    Smith, R., et al.: XFA: Faster Signature Matching with Extended Automata. In: 2008 IEEE Symposium on Security and Privacy (2008)Google Scholar
  16. 16.
    Yu, F., Katz, R.H., Lakshman, T.V.: Gigabit Rate Packet Pattern-Matching Using TCAM. In: ICNP 2004 (2004)Google Scholar
  17. 17.
    Taherkhani, M.A., Abbaspour, M.: An Efficient Hardware Architecture for Deep Packet Inspection in Hybrid Intrusion Detection Systems. In: Proc. 4th International Conference on Communications and Networking in China, August 26-28 (2009)Google Scholar
  18. 18.
    Sourcefire, Inc. SNORT® Users Manual 2.9.0, The Snort Project (September 27, 2010)Google Scholar
  19. 19.
  20. 20.
    Doxygen, FFPT Reference Manual 1.3 (July 2004),
  21. 21.
  22. 22.
  23. 23.
    Compiler from Wikipedia,
  24. 24.
    GNU Compiler Collection from Wikipedia,
  25. 25.
    Optimize Options - Using the GNU Compiler Collection (GCC),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Majid Nezakatolhoseini
    • 1
  • Sam Jabbehdari
    • 2
  • Mohammad Ali Pourmina
    • 3
  1. 1.Computer and Mechatronic Department Science and Research BranchIslamic Azad UniversityTehranIran
  2. 2.Computer Department Tehran North BranchIslamic Azad UniversityTehranIran
  3. 3.Electronic Department Science and Research BranchIslamic Azad UniversityTehranIran

Personalised recommendations