High-Throughput Low-Power Variable Rate Network Intrusion Detection System Using Unique SRAM Controller

Nagaraju, S.; Sudhakara Reddy, P.

doi:10.1007/978-981-10-4280-5_18

S. Nagaraju⁶ &
P. Sudhakara Reddy⁷

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 434))

1132 Accesses

Abstract

Network intrusion detection system (NIDS) is a major research area for security mechanism. In recent years, the demand for digital systems in network field increase due to the development of 4G technology and high network traffic rate. In this paper, we propose a bit-based pattern matching algorithm with unique SRAM architecture for parallel processing. To reduce the bit transitions during matching process state encoded finite-state machines (FSMs) were used which the main core in the pattern is matching process, where a number of states remain constant over pattern length. To avoid synchronization problem over variable rate pattern match unique controllers are used which is driven by adaptive digital phase locked loop (ADPLL). The functionality is proved through the test bench simulation using Modelsim and power efficiency is verified using FPGA synthesis. In this work, memory size requirements are reduced by 8 times with an early detection scheme and the overall throughput rate is attained in the range of 13 Gbps. Finally, the dynamic power consumption is greatly reduced by 7% through gated logic.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Hardcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Baker, Z. K. and Prasanna, V.K. 2005. A computationally efficient engine for flexible intrusion detection. IEEE Trans. VLSI Syst. 13, 10, 1179–1189.
Google Scholar
Dharmapurikar, S, and Lockwood, J. 2006. Fast and scalable pattern matching for network intrusion detection systems. IEEE J. Sel. Areas Comm. 24, 10, 1781–1792.
Google Scholar
A. V. Aho, M. J. Corasick, Efficient string matching: an aid to bibliographic search, Comm. of the ACM, Vol. 18, No. 6, pp. 333–340, (1975).
Google Scholar
Tuck, N., Sherwood, T., Calder, B., and Varghese, G. 2004. Deterministic memory-efficient string matching algorithms for intrusion detection. In the 23rd Conference of the IEEE Communications Society (Infocomm).
Google Scholar
Xu, J., Kalbarczyk, Z., Patel, S., and Iyer, R. K. 2002. Architecture support for defending against buffer overflow attacks. In Workshop on Evaluating and Architecting Systems for Dependability.
Google Scholar
I. Sourdis and D. Pnevmatikatos. Fast, large-scale string match for a 10gbps FPGA-based network intrusion. FPL, 2003:880–889, (2003).
Google Scholar
http://www.stoimen.com/blog/2012/03/27/computer-algorithms-brute-force-stringmatching.
Boyer, R. S. And Moore, J. S. 1977. A fast string searching algorithm. Communications of the ACM 20, 10, 761–772.
Google Scholar
Vasiliadis, G., Polychronakis, M., Antonatos, S., Markatos, E.P. and Ioannidis, S. (2009) Regular expression matching on graphics hardware for intrusion detection. In Kirda, E., Jha, S. and Balzarotti, D. (eds.), RAID 2009, Lecture Notes in Computer Science (vol. 5785), pp. 265–283. Springer, Berlin, Heidelberg.
Google Scholar
Ho., J.T.L, and Lemieux, G.G.F. (2008) PERG: a scalable FPGA-based pattern-matching engine with consolidated Bloomier filters. Int. Conf. Field-Programmable Technology, Taipei, Taiwan, December 7–11, pp. 73–80.
Google Scholar
L. Tan and T. Sherwood. A high throughput string matching architecture for intrusion detection and prevention. In ISCA ’05: Proceedings of the 32nd annual international symposium on Computer Architecture, pages 112–122, Washington, DC, USA, 2005. IEEE Computer Society.
Google Scholar

Download references

Author information

Authors and Affiliations

Department of ECE, Jawaharlal Nehru Technological University Anantapur, Anantapur, Andhra Pradesh, India
S. Nagaraju
Department of ECE, Srikalahasteeswara Institute of Technology, Srikalahasti, Andhra Pradesh, India
P. Sudhakara Reddy

Authors

S. Nagaraju
View author publications
You can also search for this author in PubMed Google Scholar
P. Sudhakara Reddy
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to S. Nagaraju .

Editor information

Editors and Affiliations

Deparment of Computer Science and Engineering, PVP Siddhartha Institute of Technology, Vijayawada, Andhra Pradesh, India
Suresh Chandra Satapathy
Department of Electronics and Communication Engineering, Shri Ramswaroop Memorial Group, Lucknow, Uttar Pradesh, India
Vikrant Bhateja
Department of ECE, Raghu Institute of Technology, Visakhapatnam, Andhra Pradesh, India
P. Satish Rama Chowdary
Department of ECE, Raghu Institute of Technology, Visakhapatnam, Andhra Pradesh, India
V.V.S.S. Sameer Chakravarthy
Department of Electronics and Telecommunications, Universitat Ramon Llull, Barcelona, Barcelona, Spain
Jaume Anguera

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Nagaraju, S., Sudhakara Reddy, P. (2018). High-Throughput Low-Power Variable Rate Network Intrusion Detection System Using Unique SRAM Controller. In: Satapathy, S., Bhateja, V., Chowdary, P., Chakravarthy, V., Anguera, J. (eds) Proceedings of 2nd International Conference on Micro-Electronics, Electromagnetics and Telecommunications. Lecture Notes in Electrical Engineering, vol 434. Springer, Singapore. https://doi.org/10.1007/978-981-10-4280-5_18

Download citation

DOI: https://doi.org/10.1007/978-981-10-4280-5_18
Published: 07 September 2017
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-4279-9
Online ISBN: 978-981-10-4280-5
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics