Automatic Compilation Framework for Bloom Filter Based Intrusion Detection

Virus detection at the router level is rapidly gaining in importance. Hardware-based implementations have the advantage of speed and can therefore sustain high throughput. In this paper we describe an FPGA-based implementation of Bloom filter virus detection code that is compiled from native C to VHDL and mapped onto a Virtex XC2V8000 FPGA. Our results show that a single engine tailored for handling virus signatures of length eight bytes can achieve a throughput of 18.6 Gbps while occupying only 8% of the FPGA area.
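As an added illustration (not the paper's code), the following C sketch shows the kind of software Bloom filter scan for eight-byte signatures that such a C-to-VHDL flow would start from. The filter size, the number of hash functions, the seeded FNV-1a hash, the exact-match confirmation step and the sample signatures are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SIG_LEN    8       /* signature length handled by one engine (from the abstract) */
#define BLOOM_BITS 4096u   /* assumed filter size in bits, power of two */
#define NUM_HASHES 4u      /* assumed number of hash functions */

static uint8_t bloom[BLOOM_BITS / 8];
/* Constructed sample signatures, not real malware patterns. */
const uint8_t SAMPLE_SIGS[2][SIG_LEN] = {
    {'S','I','G','N','A','T','R','1'},
    {0xDE,0xAD,0xBE,0xEF,0x01,0x02,0x03,0x04} };

/* Assumed hash family: FNV-1a over the window, seeded per hash index. */
static uint32_t hash_window(const uint8_t *w, uint32_t seed) {
    uint32_t h = 2166136261u ^ (seed * 0x9E3779B9u);
    for (int i = 0; i < SIG_LEN; i++) { h ^= w[i]; h *= 16777619u; }
    return h & (BLOOM_BITS - 1);
}

/* Set (insert != 0) or test (insert == 0) the NUM_HASHES bits of one window. */
static int bloom_op(const uint8_t *w, int insert) {
    for (uint32_t k = 0; k < NUM_HASHES; k++) {
        uint32_t b = hash_window(w, k);
        if (insert) bloom[b >> 3] |= (uint8_t)(1u << (b & 7));
        else if (!(bloom[b >> 3] & (1u << (b & 7)))) return 0;
    }
    return 1;   /* all bits set: "possibly a signature" */
}

void bloom_load(const uint8_t (*sigs)[SIG_LEN], size_t nsigs) {
    memset(bloom, 0, sizeof bloom);
    for (size_t s = 0; s < nsigs; s++) bloom_op(sigs[s], 1);
}

/* Slide an 8-byte window over the payload. A Bloom filter never misses a
 * stored signature but can report false positives, so each hit is confirmed
 * against the exact list. Returns the offset of the first confirmed match,
 * or -1; unconfirmed hits are counted in *false_pos. */
long scan_payload(const uint8_t *p, size_t n, const uint8_t (*sigs)[SIG_LEN],
                  size_t nsigs, unsigned *false_pos) {
    for (size_t off = 0; off + SIG_LEN <= n; off++) {
        if (!bloom_op(p + off, 0)) continue;      /* definite miss: fast path */
        for (size_t s = 0; s < nsigs; s++)
            if (memcmp(p + off, sigs[s], SIG_LEN) == 0) return (long)off;
        if (false_pos) (*false_pos)++;
    }
    return -1;
}
```

In hardware the per-window hash lookups run in parallel every clock cycle, which is what makes the multi-gigabit throughput reported above possible; the software loop here only shows the logic.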
