Design and Implementation of a String Matching System for Network Intrusion Detection using FPGA-based low power multiple-hashing Bloom Filters

Modern Network Intrusion Detection Systems (NIDS) inspect the network packet payload to check if it conforms to the security policies of the given network. This process, often referred to as deep packet inspection, involves detection of predefined signature strings or keywords starting at an arbitrary location in the payload. String matching is a computationally intensive task and can become a potential bottleneck without high-speed processing. Since the conventional software-implemented string matching algorithms have not kept pace with the increasing network speeds, special purpose hardware, Field Programmable Gate Arrays (FPGAs), have been introduced. A Bloom filter is a simple spaceefficient randomized data structure for representing a set in order to support string matching of Network Intrusion Detection System (NIDS). Bloom filters allow false positives but the space savings often outweigh this drawback when the probability of an error is controlled. FPGAs have achieved sufficient capability to performing complex network processing in programmable hardware. Network devices utilizing FPGAs show a desirable balance between performance and flexibility, which makes FPGA preferable to pure software and ASIC solutions. We present an implementation of low power multiple hashing bloom filter using FPGAs. We describe how multiple hashing Bloom filters can be implemented feasibly on Xilinx XCV2000E FPGA.