TY - GEN
T1 - The cost effective pre-processing based NFA pattern matching architecture for NIDS
AU - Chang, Yeim Kuan
AU - Chang, Chen Rong
AU - Su, Cheng Chien
PY - 2010
Y1 - 2010
N2 - Network Intrusion Detection System (NIDS) is a system which can detect network attacks resulted from worms and viruses on the Internet. An efficient pattern matching algorithm plays an important role in NIDS. There have been many proposed methods for pattern matching algorithms. Traditionally, the multi-character NFA that is capable of matching multiple characters per cycle can be built by duplicating entire circuit of 1-character architecture. In this paper, we propose a pre-processing based architecture to improve the original multi-character architecture. The design of the proposed architecture and its implementation in FPGA are described in details. Our simulation results show that the proposed architecture performs better than all the existing Brute-Force based approaches in terms of the throughput and the slice utilization. Specifically, the proposed architectures of 2-character and 4-character designs can achieve the throughputs of 4.68 and 7.27 Gbps and the slice utilization of 2.86 and 2.10 in terms of char/slice, respectively.
AB - Network Intrusion Detection System (NIDS) is a system which can detect network attacks resulted from worms and viruses on the Internet. An efficient pattern matching algorithm plays an important role in NIDS. There have been many proposed methods for pattern matching algorithms. Traditionally, the multi-character NFA that is capable of matching multiple characters per cycle can be built by duplicating entire circuit of 1-character architecture. In this paper, we propose a pre-processing based architecture to improve the original multi-character architecture. The design of the proposed architecture and its implementation in FPGA are described in details. Our simulation results show that the proposed architecture performs better than all the existing Brute-Force based approaches in terms of the throughput and the slice utilization. Specifically, the proposed architectures of 2-character and 4-character designs can achieve the throughputs of 4.68 and 7.27 Gbps and the slice utilization of 2.86 and 2.10 in terms of char/slice, respectively.
UR - http://www.scopus.com/inward/record.url?scp=77954346502&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77954346502&partnerID=8YFLogxK
U2 - 10.1109/AINA.2010.42
DO - 10.1109/AINA.2010.42
M3 - Conference contribution
AN - SCOPUS:77954346502
SN - 9780769540184
T3 - Proceedings - International Conference on Advanced Information Networking and Applications, AINA
SP - 385
EP - 391
BT - 24th IEEE International Conference on Advanced Information Networking and Applications, AINA 2010
T2 - 24th IEEE International Conference on Advanced Information Networking and Applications, AINA2010
Y2 - 20 April 2010 through 23 April 2010
ER -