A FPGA-based deep packet inspection engine for Network Intrusion Detection System

Pattern matching has become a bottleneck of software-based Network Intrusion Detection Systems (NIDS) as the number of signatures has recently increased dramatically. Many FPGA-based architectures for detecting malicious patterns have been proposed recently. However, these approaches have only considered matching patterns separately, while increasingly complex combinations of several patterns are used to describe intrusion activities. In this paper we present our work, which concentrates on multi-pattern signatures, and propose an FPGA-based deep packet inspection engine for NIDS. The system can support both static and dynamic patterns. We employ the Snort signature set and realize our system on the NetFPGA platform. The evaluation in a real network environment shows that our system can maintain gigabit line rate throughput without dropping packets.
