Skip to main content
SpringerLink
Log in

Granidt: Towards Gigabit Rate Network Intrusion Detection Technology

  • Conference paper
  • First Online:
Field-Programmable Logic and Applications: Reconfigurable Computing Is Going Mainstream (FPL 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2438))

Included in the following conference series:

Abstract

We describe a novel application of reconfigurable computing to the problem of computer network security. By filtering network packets with customized logic circuits, we can search headers as well as packet content for specific signatures at Gigabit Ethernet line rate. Input to our system is a set of filter rule descriptions in the format of the public domain “snort” databases. These descriptions are used by the hardware circuits on two Xilinx Virtex 1000 FPGAs on a SLAAC1V [9]board. Packets are read from a Gigabit Ethernet interface card, the GRIP [8], and flow directly through the packet filtering circuits. A vector describing matching packet headers and content are returned to the host program, which relates matches back to the rule database, so that logs or alerts can be generated. The hardware runs at 66 MHz with 32-bit data, giving an effective line rate of 2 Gb/s. The granidt combination software/hardware runs at 24.9X the speed of snort 1.8.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. William Cheswick and Steven Bellovin. Firewalls and Internet Security. Addison-Wesley, 1994.

    Google Scholar 

  2. R. Franklin et al. Assisting network intrusion detection with reconfigurable hardware. IEEE FCCM 2002, 2002.

    Google Scholar 

  3. Joshua W. Haines, Richard P. Lippmann, David J. Fried, et al. 1999 darpa intrusion detection system evaluation: Design and procedures. MIT Lincoln Laboratory Technical Report, 2001.

    Google Scholar 

  4. Steven McCanne and Van Jacobson. The BSD packet filter: A new architecture for user-level packet capture. In USENIX Winter, pages 259–270, 1993.

    Google Scholar 

  5. J. McHenry et al. An fpga-based co-processor for atm firewalls. IEEE FCCM 2002, 1997.

    Google Scholar 

  6. IntruVert Networks. http://www.intruvert.com. 2002.

  7. Martin Roesch. Snort: The open source network intrusion detection system. http://www.snort.org, 2002.

Download references

Author information

Authors and Affiliations

  1. Los Alamos National Laboratory, 87545, Los Alamos, NM, USA

    Maya Gokhale, Dave Dubois, Andy Dubois, Mike Boorman, Steve Poole & Vic Hogsett

Authors
  1. Maya Gokhale
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dave Dubois
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andy Dubois
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mike Boorman
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Steve Poole
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Vic Hogsett
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institut für Datentechnik, FG Mikroelektronische Systeme, Technische Universität Darmstadt, Karlstraße 15, 64283, Darmstadt, Germany

    Manfred Glesner  & Peter Zipf  & 

  2. Microelectronics Department, LIRMM, 161 rue Ada, 34392, Montpellier Cedex, France

    Michel Renovell

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gokhale, M., Dubois, D., Dubois, A., Boorman, M., Poole, S., Hogsett, V. (2002). Granidt: Towards Gigabit Rate Network Intrusion Detection Technology. In: Glesner, M., Zipf, P., Renovell, M. (eds) Field-Programmable Logic and Applications: Reconfigurable Computing Is Going Mainstream. FPL 2002. Lecture Notes in Computer Science, vol 2438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46117-5_43

Download citation

  • DOI: https://doi.org/10.1007/3-540-46117-5_43

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44108-3

  • Online ISBN: 978-3-540-46117-3

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation