FPGA-based SoC for real-time network intrusion detection using counting bloom filters

Computers face an ever-increasing number of threats from hackers, viruses and other malware; effective Network Intrusion Detection (NID) before a threat affects end-user machines is critical for both financial and national security. As the number of threats and network speeds increase (over 1 gigabit/sec), users of conventional software-based NID methods must choose between protection and higher data rates.
