Gigabit Network Intrusion Detection System Using Extended Bloom Filter in Reconfigurable Hardware

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 379)


Network intrusion detection system collects information from network and identifies all the possible existing network security threats. Software based detection systems are common but are not good enough for the current network security requirements. Present day network intrusion detection needs wire-level data transfer to avoid the inefficiency in pattern matching process. Hardware based solutions like field programmable gate array which is known for its high processing capability can easily solve these issues. This paper implements a hardware based gigabit intrusion detection system using extended Bloom filter concepts. The paper presents a solution to reduce the high error rate of Bloom Filter by introducing a Reference Vector to the work and evaluates its performance. The reference vector verifies the Bloom filter output for any possible false positive results and reduces the error rate in the system.


Network intrusion detection Field programmable gate array Extended bloom filter Reference vector 


  1. 1.
    Roesch, Martin, et al.: Snort: lightweight intrusion detection for networks. LISA 99, 229–238 (1999)Google Scholar
  2. 2.
    Cohen, S., Matias, Y.: Spectral bloom filters. In: Proceedings of the 2003 ACM SIGMOD international conference on Management of data, pp. 241–252. ACM (2003)Google Scholar
  3. 3.
    Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)MATHCrossRefGoogle Scholar
  4. 4.
    Fan, L., Cao, P., Almeida, J., Broder, A.Z.: Summary cache: a scalable wide-area web cache sharing protocol. In: IEEE/ACM Transactions on Networking (TON) 8(3):281–293 (2000)Google Scholar
  5. 5.
    Sidhu, R., Prasanna, V.K.: Fast regular expression matching using FPGAs. In: The 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, FCCM’01, pp. 227–238. IEEE (2001)Google Scholar
  6. 6.
    Hutchings, B.L., Franklin, R., Carver, D.: Assisting network intrusion detection with reconfigurable hardware. In: Proceedings 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines. pp. 111–120. IEEE (2002)Google Scholar
  7. 7.
    Broder, A., Mitzenmacher, M.: Network applications of bloom filters: a survey. Internet Math 1(4), 485–509 (2004)MATHMathSciNetCrossRefGoogle Scholar
  8. 8.
    Dharmapurikar, S., Krishnamurthy, P., Sproull, T., Lockwood, J.: Deep packet inspection using parallel bloom filters. In: Proceedings of 11th Symposium on High Performance Interconnects. pp. 44–51. IEEE (2003)Google Scholar
  9. 9.
    Dharmapurikar, S., Attig, M., Lockwood, J.: Design and implementation of a string matching system for network intrusion detection using FPGA-based bloom filters. In: IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM04) (2004)Google Scholar
  10. 10.
    Ramakrishna, M., Fu, E., Bahcekapili, E.: A performance study of hashing functions for hardware applications. In: Proceedings of International Conference on Computing and Information, pp. 1621–1636 (1994)Google Scholar
  11. 11.
    Song, H., Lockwood, J.W.: Efficient packet classification for network intrusion detection using FPGA. In: Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays, pp. 238–245. ACM (2005)Google Scholar
  12. 12.
    Pontarelli, S., Bianchi, G., Teofili, S.: Traffic-aware design of a high-speed FPGA network intrusion detection system. Trans. Comput. IEEE 62(11), 2322–2334 (2013)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Baker, Z.K., Prasanna, V.K.: Automatic synthesis of efficient intrusion detection systems on FPGAs. In: Field Programmable Logic and Application, pp. 311–321. Springer, Berlin (2004)Google Scholar
  14. 14.
    Hua, N., Norige, E., Kumar, S., Lynch, B.: Non-crypto hardware hash functions for high performance networking ASICs. In: Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems, pp. 156–166. IEEE Computer Society (2011)Google Scholar
  15. 15.
    Xilinx Inc. Virtex-II Pro and Virtex-II Pro X platform FPGAs: Complete data sheet (2004)Google Scholar

Copyright information

© Springer India 2016

Authors and Affiliations

  1. 1.TIFAC CORE in Cyber SecurityAmrita Vishwa VidyapeethamCoimbatoreIndia

Personalised recommendations