Abstract
Network Intrusion Detection Systems is one of the most effective way of providing security to those connected to the network, and the string matching algorithm is the heart of the intrusion detection system. IDS checks both packet header and payload in order to detect content-based security threats.Payload scan requires efficient string matching techniques, since each incoming packet must be compared against the hundreds of known attacks. Checking every byte of every packet to see if it matches one of a set of ten thousand strings becomes a computationally intensive task as network speeds grows up. For high speed networks it can be difficult to keep up with intrusion detection using purely software approach without affecting performance of the system intended for designed application. It is essential to use hardware systems for intrusion detection. A string matching algorithm is implemented in hardware with the focus on increasing throughput, and reasonable area cost while maintaining the configurability provided by the software IDSs. This paper consist a review of different string matching techniques implemented in FPGA for detecting malicious packet over the network.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Babu Karuppiah, A., Rajaram, S.: Deterministic Finite Automata for Pattern Matching in FPGA for intrusion Detection. In: International Conference on Computer and Electrical Technoogy, ICCCET 2011, March 18-19 (2011)
Nakahara, H., Sasao, T., Matsuura, M.: A Regular Expression Matching Using Non-Deterministic Finite Automata. IEEE (2010)
Bonesana, I., Paolieri, M., Santambrogio, M.D.: An adaptable FPGA based system for regular expression Matching. IEEE (2008)
Aldwairi, M., Conte, T., Franzon, P.: Configurable string Matching Hardware for Speeding up Intrusion detection. ACM SIGARCH Computer Architecture News 33(1) (March 2005)
Tummala, A.K., Patel, P.: Distributed IDS using Reconfigurable Hardware. IEEE (2007)
Le, H., Prasanna, V.K.: Ming Hsieh Department of Electrical Engineering University of Southern California Los Angeles, CA 90089, USA A Memory-Efficient and Modular Approach for String Matching on FPGAs (2010)
Dhanapriya, M., Vasanthanayaki, C.: Hardware Based Pattern Matching Technique for Packet Inspection of High Speed Network. In: International Conference on Control, Automation, Communication and Energy Consevation 2009, June 4-6 (2009)
Sourdis, I., Pnevmatikatos, D.N., Vassiladis, S.: Scalable Multigigabit Pattern Matching for Packet Inspection. In: Proc. IEEE Symp. Field Program. Custom Comput. (February 2008)
Hutchings, B.L., Franklin, R., Carver, D.: Scalable hardware implementation usonf Finite Automata. Department of Electrical and Computer Engin.
Bloom, B.: Space/Time Tradeoffs in Hash Coding with Allowance Errors. Comm., ACM 13(7), 422–426 (1970)
Hasan, J., Cadambi, S., Jakkula, V., Chakradhar, S.: Chisel: A Storage-efficient, Collision-free Hash-based Network Processing Architecture. In: 33rd International Symposium on Computer Architecture, pp. 203–215
Sidhu, R., Prasanna, V.K.: Fast Regular Expression Matching using FPGAs. In: 9th Annual Symposium IEEE (2001)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pandey, A., Khare, N. (2012). String Matching Technique Based on Hardware: A Comparative Analysis. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31513-8_35
Download citation
DOI: https://doi.org/10.1007/978-3-642-31513-8_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31512-1
Online ISBN: 978-3-642-31513-8
eBook Packages: EngineeringEngineering (R0)