ETRI-Knowledge Sharing Plaform

KOREAN
논문 검색
Type SCI
Year ~ Keyword

Detail

Conference Paper An Efficient Multi-hash Pattern Matching Scheme for Intrusion Detection in FPGA-based Reconfiguring Hardware
Cited - time in scopus Share share facebook twitter linkedin kakaostory
Authors
Byoung Koo Kim, Seung Yong Yoon, Jin Tae Oh
Issue Date
2008-11
Citation
International Conference on Applied Computer Science (ACS) 2008, pp.199-204
Publisher
WSEAS
Language
English
Type
Conference Paper
Abstract
Many Network-based Intrusion Detection Systems (NIDSs) are developed till now to respond these network attacks. As network technology presses forward, Gigabit Ethernet has become the actual standard for large network installations. Therefore, software solutions in developing high-speed NIDSs are increasingly impractical. It thus appears well motivated to investigate the hardware-based solutions. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. Therefore, we propose the FPGA-based intrusion detection technique to detect and respond variant attacks on high-speed links. It was designed to fully exploit hardware parallelism to achieve real-time packet inspection, to require a small memory for storing signature. The technique is a part of our system, called ATPS (Adaptive Threat Prevention System) recently developed. Most of all, the proposed system has a novel content filtering technique called Table-driven Bottom-up Tree (TBT) for exact string matching. But, as the number of signatures to be compared is growing rapidly, the improved mechanism is required. In this paper, we present the multi-hash based TBT technique with memory-efficiency. Simulation based performance evaluations showed that the proposed technique used on-chip SRAM less than 20% of the one-hash based TBT technique.
KSP Keywords
Bottom-Up, Content filtering, Detection Systems(IDS), Efficient solution, Exact string matching, Filtering technique, Hardware parallelism, Intrusion Detection Technique, Large network, Memory size, Network Attack