A pattern matching co-processor for network security
Young H. Cho, William H. Mangione-Smith
- 13 Jun 2005
- pp 234-239
TL;DR: This work has been able to program the filters to match all the payload patterns defined in the widely used Snort network intrusion detection system at a rate above 7 Gbps, with memory space left to accommodate threat signatures that become available in the future.
Abstract: It has been estimated that computer network worms and viruses caused the loss of over $55B in 2003. Network security systems use techniques such as deep packet inspection to detect harmful packets. While software intrusion detection systems running on general-purpose processors can be updated in response to new attacks, they lack the processing power to monitor gigabit networks. We present a high-performance pattern matching co-processor architecture that can be used to monitor and identify a large number of intrusion signatures. The design consists of a bank of pattern matchers that are used to implement a highly concurrent filter. The pattern matchers can be programmed to match multiple patterns of various lengths, and are able to leverage the existing databases of threat signatures. We have been able to program the filters to match all the payload patterns defined in the widely used Snort network intrusion detection system at a rate above 7 Gbps, with memory space left to accommodate threat signatures that become available in the future.
Citations
Kargus: a highly-scalable software-based intrusion detection system
Muhammad Asim Jamshed, Jihyung Lee, Sangwoo Moon, Insu Yun, Deokjin Kim, Sungryoul Lee, Yung Yi, KyoungSoo Park
- 16 Oct 2012
TL;DR: Kargus is presented, a highly-scalable software-based IDS that exploits the full potential of commodity computing hardware and is designed to be compatible with the most popular software IDS, Snort.
Patent
High-Performance Context-Free Parser for Polymorphic Malware Detection
Young H. Cho, William H. Mangione-Smith
- 18 Apr 2006
TL;DR: In this paper, a method and apparatus for advanced network intrusion detection using deep packet inspection that can recognize languages described by context-free grammars is presented, which is capable of detecting languages expressed in LL(1) or LR(1) grammar.
Patent
Packet routing with payload analysis, encapsulation and service module vectoring
James D. Bennett
- 05 May 2006
TL;DR: In this article, the authors propose a packet analysis, encapsulation and vectoring framework for Internet infrastructure with service module manager and service modules, that supports packet analysis and interleaving applications.
63
A memory-efficient pipelined implementation of the Aho-Corasick string-matching algorithm
Derek Pao, Wei Lin, Bin Liu
TL;DR: This article presents a memory-efficient hardware implementation of the well-known Aho-Corasick (AC) string-matching algorithm using a pipelining approach called P-AC, and can double the system throughput by duplicating the control logic such that the system can process two data streams concurrently.
59
Deep network packet filter design for reconfigurable devices
TL;DR: In this article, the authors designed scalable deep-packet filters on field-programmable gate arrays (FPGAs) to search for all data-independent patterns simultaneously, which can scale linearly to support a greater number of patterns, as well as higher data throughput.
References
Efficient string matching: an aid to bibliographic search
TL;DR: A simple, efficient algorithm to locate all occurrences of any of a finite number of keywords in a string of text that has been used to improve the speed of a library bibliographic search program by a factor of 5 to 10.
Scalable pattern matching for high speed networks
Christopher R. Clark, D.E. Schimmel
- 20 Apr 2004
TL;DR: The efficiency of the technique enables a current-generation FPGA device to support pattern-matching at network rates from 1 Gbps to 100 Gbps and beyond and offers flexible trade-offs between character capacity, throughput, and data bus width and rate.
357
Deep packet filter with dedicated logic and read only memories
Young H. Cho, William H. Mangione-Smith
- 20 Apr 2004
TL;DR: These design methods allow the filter for 2064 attack patterns to map onto a single Xilinx Spartan 3-XC3S2000 FPGA with a filtering rate of over 3 Gbps of network traffic.
187
Granidt: Towards Gigabit Rate Network Intrusion Detection Technology
Maya Gokhale, D. DuBois, A. DuBois, Mike Boorman, Steve Poole, Vic Hogsett
- 02 Sep 2002
TL;DR: A novel application of reconfigurable computing to the problem of computer network security by filtering network packets with customized logic circuits, which can search headers as well as packet content for specific signatures at Gigabit Ethernet line rate.
154
A methodology for synthesis of efficient intrusion detection systems on FPGAs
Zachary K. Baker, Viktor K. Prasanna
- 20 Apr 2004
TL;DR: This work presents a methodology for system-wide integration of graph-based partitioning of large intrusion detection pattern databases that yields designs with competitive clock frequencies that are a minimum of 8x more area efficient than previous non-predecoded shift-and-compare architectures.
140
Related Papers (5)
Christopher R. Clark, D.E. Schimmel
- 20 Apr 2004
Fang Yu, Randy H. Katz, T. V. Lakshman
- 05 Oct 2004