BROWSE
Detail
Conference Paper
Memory-efficient content filtering hardware for high-speed intrusion detection systems
Cited 15 time in 
Share 
Share
- Authors
- Sung Won Yi, Byoung-Koo Kim, Jin Tae Oh, Jong Soo Jang, George Kesidis, Chita R. Da
- Issue Date
- 2007-03
- Citation
- Symposium on Applied Computing (SAC) 2007, pp.264-269
- Language
- English
- Type
- Conference Paper
- Abstract
- Content filtering-based Intrusion Detection Systems have been widely deployed in enterprise networks, and have become a standard measure to protect networks and network users from cyber attacks. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. In this paper, we present a novel content filtering technique called Table-driven Bottom-up Tree (TBT), which was designed i) to fully exploit hardware parallelism to achieve real-time packet inspection, ii) to require a small memory for storing signatures, iii) to be flexible in modifying the signature database, and iv) to support complex signature representation such as regular expressions. We configured TBT considering the hardware specifications and limitations, and implemented it using a FPGA. Simulation based performance evaluations showed that the proposed technique used only 350 Kilobytes of memory for storing the latest version of SNORT rule consisting of 2770 signatures. In addition, unlike many other hardware-based solutions, modification to signature database does not require hardware re-compilation in TBT. Copyright 2007 ACM.
- KSP Keywords
- Bottom-Up, Content filtering, Cyber attacks, Detection Systems(IDS), Efficient solution, Filtering technique, Hardware parallelism, High Speed, Memory size, Packet inspection, Performance evaluation