FPGA-based Pattern Matching for Network Intrusion Detection System

Intrusion detection systems (IDS) are crucial in network security today. Software-based IDS cannot meet the bandwidth requirements of modern high-speed networks, because the pattern matching program tends to become a bottleneck when the database is large. Hardware techniques are expected to be a good way to solve this problem. Based on the characteristics of IDS, a parallel matching architecture is proposed that is suitable for variable-length matching and keyword reconfiguration. The techniques for realizing it with an FPGA are discussed. An example was developed with this method, and the simulation results indicate that the matching speed is very high and the FPGA resource usage is effective. The techniques are therefore valuable and helpful for many applications in the field of high-speed networks.