IEICE Electronics Express | |
High-throughput intrusion detection system with parallel pattern matching | |
Ming-Jen Chen1  Yi-Mao Hsiao1  Chung-Hsun Huang1  Yuan-Sun Chu1  | |
[1] Institute of Electrical Engineering, National Chung Cheng University | |
关键词: IDS; Snort; ASIC; | |
DOI : 10.1587/elex.9.1467 | |
学科分类:电子、光学、磁材料 | |
来源: Denshi Jouhou Tsuushin Gakkai | |
【 摘 要 】
References(7)This paper proposes a high-throughput intrusion detection system (IDS) with a bloom filter-based header comparison and parallel pattern matching for the packet content. The parallel pattern matching is a two parallel sequence comparison architecture that compares the packet content with the Snort rules. The proposed hardware IDS not only performs high throughput, but also reduces the rules memory size. As shown in post-layout simulation of the implemented application-specific integrated circuit (ASIC), the speed reaches 453MHz that performs 7.2Gbps system throughput to deal with the traffic requirement of edge speed in end user network. With 8MB off-chip SRAM, the system supports 4,020 Snort rules that the pattern number is enough for intruder signature.
【 授权许可】
Unknown
【 预 览 】
Files | Size | Format | View |
---|---|---|---|
RO201911300014050ZK.pdf | 351KB | download |