High Speed Network Intrusion Detection System Using FPGA

  • S. Anuraj
  • P. Premalatha
  • T. Gireeshkumar
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 379)


Modern Network Intrusion detection needs a high-speed interface to analyze the incoming packet. Several network intrusion detection applications detect multiple strings in the payload of a packet by comparing it against predefined pattern set which requires more memory and computation power. To meet this, a dedicated hardware with high processing capacity can be placed at the port of incoming packets. Field Programmable Gate Array (FPGA) is the choice as it can be programmed easily and dynamically for parallel computing. Moreover, FPGA devices support at high-speed interface and are capable of providing better processing capability than other device; also it can be reprogrammed when it is needed. This paper proposes a new alternative approach to leaf attaching algorithm to improve the memory efficiency of algorithm.


Field programmable gate array (FPGA) Network intrusion detection system (NIDS) Networking algorithm 


  1. 1.
    Roesh, S.M.: Snort-light weight intrusion detection for networks. In: Proceeding of LISA, vol. 99, pp. 299–238Google Scholar
  2. 2.
    Qingbo Wang and Viktor K Prasanna. Multi-core architecture on fpga for large dictionary string matching. In: FCCM’0, 17th IEEE Symposium on Field Programmable Custom Computing Machines, pp. 96–103, IEEE (2009)Google Scholar
  3. 3.
  4. 4.
    Song, H., Lockwood, J.W.: Efficient packet classification for network intrusion detection using fpga. In: Proceedings of the 2005 ACM/SIGDA 13th International Symposium on Field-programmable Gate Arrays, pp. 238–245. ACM (2005)Google Scholar
  5. 5.
    Pontarelli, Salvatore, Bianchi, Giuseppe, Teofili, Simone: Traffic-aware design of a high-speed fpga network intrusion detection system. IEEE Trans. Comput. 62(11), 2322–2334 (2013)MathSciNetCrossRefGoogle Scholar
  6. 6.
  7. 7.
    Aho, A.V., Corasick, M.J.: Efficient string matching: an aid to bibliographic search. Commun. ACM 18(6), 333–340 (1975)MATHMathSciNetCrossRefGoogle Scholar
  8. 8.
    Varghese, G.: Network Algorithmics. Chapman & Hall/CRC (2010)Google Scholar
  9. 9.
    Tuck, N., Sherwood, T., Calder, B., Varghese, G.: Deterministic memory-efficient string matching algorithms for intrusion detection. In: INFOCOM 2004 Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 4, pp. 2628–2639, IEEE (2004)Google Scholar
  10. 10.
    Le, H., Prasanna, V.K.: A memory-efficient and modular approach for large-scale string pattern matching. IEEE Trans. Comput. 62(5):844–857 (2013)Google Scholar
  11. 11.
    Arudchutha, S., Nishanthy, T, Ragel, R.G.: String matching with multicore cpus: performing better with the aho-corasick algorithm. arXiv preprint arXiv:1403.1305 (2014)
  12. 12.
    Hasib, S., Motwani, M., Saxena, A.: Importance of aho-corasick string matching algorithm in real world applications (2013)Google Scholar
  13. 13.
    Tumeo, A., Villa, O., Chavarra-Miranda, D.G.: Aho-corasick string matching on shared and distributed-memory parallel architectures. IEEE Trans. Parallel Distrib. Syst. 23(3):436–443 (2012)Google Scholar
  14. 14.
    Rafeeq Ur Rehman: Intrusion detection systems with Snort: advanced IDS techniques using Snort, Apache, PHP, and ACID. Prentice Hall Professional, MySQL (2003)Google Scholar

Copyright information

© Springer India 2016

Authors and Affiliations

  1. 1.TIFAC-CORE in Cyber SecurityAmrita Vishwa VidyapeethamCoimbatoreIndia
  2. 2.Department of Electronics and CommunicationsAmrita Vishwa VidyapeethamCoimbatoreIndia

Personalised recommendations