Novel FPGA-Based Signature Match Circuit for Efficient Network Intrusion Detection
نویسنده
چکیده
This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The key feature of the signature match co-processor is an architecture based on the shift-or algorithm, which employs simple shift registers, or-gates, and ROMs where patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems. Key-Words: Network Intrusion Detection System, FPGA implementation, Pattern Matching
منابع مشابه
تولید خودکار الگوهای نفوذ جدید با استفاده از طبقهبندهای تک کلاسی و روشهای یادگیری استقرایی
In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in the signature-based Network Intrusion Detection Systems (NIDSs) and for the automation of the process of intrusion detection in these systems. In the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...
متن کاملFPGA-based ROM-free network intrusion detection using shift-OR circuit
This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The co-processor is based on simple shift registers and bitmap encoders for the efficient signature match in hardware. As compared with related work, experimental results show that the proposed work achieves higher throughput and less ha...
متن کاملEfficient Logic Circuit for Network Intrusion Detection
A novel architecture for a hardware-based network intrusion detection system (NIDS) is presented in this paper. The system adopts an FPGA-based signature match co-processor as a core for the NIDS. The signature matcher is based on an algorithm that employs simple shift registers, or-gates, and ROMs in which patterns are stored. As compared with related work, experimental results show that the p...
متن کاملNetwork Intrusion Detection Based on Shift-OR Circuit
This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The key feature of the signature match co-processor is an architecture based on the shift-or algorithm, which employs simple shift registers, or-gates, and ROMs where patterns are stored. As compared with related work, experimental resul...
متن کاملNovel FPGA-Based Signature Matching for Deep Packet Inspection
Deep packet inspection forms the backbone of any Network Intrusion Detection (NID) system. It involves matching known malicious patterns against the incoming traffic payload. Pattern matching in software is prohibitively slow in comparison to current network speeds. Thus, only FPGA (Field-Programmable Gate Array) or ASIC (ApplicationSpecific Integrated Circuit) solutions could be efficient for ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007