BROWSE
Detail
Conference Paper
An Efficient Multi-hash Pattern Matching Scheme for Intrusion Detection in FPGA-based Reconfiguring Hardware
Cited - time in 
Share 
Share
- Authors
- Byoung Koo Kim, Seung Yong Yoon, Jin Tae Oh
- Issue Date
- 2008-11
- Citation
- International Conference on Applied Computer Science (ACS) 2008, pp.199-204
- Publisher
- WSEAS
- Language
- English
- Type
- Conference Paper
- Abstract
- Many Network-based Intrusion Detection Systems (NIDSs) are developed till now to respond these network attacks. As network technology presses forward, Gigabit Ethernet has become the actual standard for large network installations. Therefore, software solutions in developing high-speed NIDSs are increasingly impractical. It thus appears well motivated to investigate the hardware-based solutions. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. Therefore, we propose the FPGA-based intrusion detection technique to detect and respond variant attacks on high-speed links. It was designed to fully exploit hardware parallelism to achieve real-time packet inspection, to require a small memory for storing signature. The technique is a part of our system, called ATPS (Adaptive Threat Prevention System) recently developed. Most of all, the proposed system has a novel content filtering technique called Table-driven Bottom-up Tree (TBT) for exact string matching. But, as the number of signatures to be compared is growing rapidly, the improved mechanism is required. In this paper, we present the multi-hash based TBT technique with memory-efficiency. Simulation based performance evaluations showed that the proposed technique used on-chip SRAM less than 20% of the one-hash based TBT technique.
- KSP Keywords
- Bottom-Up, Content filtering, Detection Systems(IDS), Efficient solution, Exact string matching, Filtering technique, Hardware parallelism, Intrusion Detection Technique, Large network, Memory size, Network Attack