期刊论文详细信息
IEICE Electronics Express
High-throughput intrusion detection system with parallel pattern matching
Ming-Jen Chen1  Yi-Mao Hsiao1  Chung-Hsun Huang1  Yuan-Sun Chu1 
[1] Institute of Electrical Engineering, National Chung Cheng University
关键词: IDS;    Snort;    ASIC;   
DOI  :  10.1587/elex.9.1467
学科分类:电子、光学、磁材料
来源: Denshi Jouhou Tsuushin Gakkai
PDF
【 摘 要 】

References(7)This paper proposes a high-throughput intrusion detection system (IDS) with a bloom filter-based header comparison and parallel pattern matching for the packet content. The parallel pattern matching is a two parallel sequence comparison architecture that compares the packet content with the Snort rules. The proposed hardware IDS not only performs high throughput, but also reduces the rules memory size. As shown in post-layout simulation of the implemented application-specific integrated circuit (ASIC), the speed reaches 453MHz that performs 7.2Gbps system throughput to deal with the traffic requirement of edge speed in end user network. With 8MB off-chip SRAM, the system supports 4,020 Snort rules that the pattern number is enough for intruder signature.

【 授权许可】

Unknown   

【 预 览 】
附件列表
Files Size Format View
RO201911300014050ZK.pdf 351KB PDF download
  文献评价指标  
  下载次数:3次 浏览次数:12次