High-speed string matching for network intrusion detection
Online publication date: Mon, 03-Aug-2009
by Benfano Soewito, Atul Mahajan, Ning Weng, Haibo Wang
International Journal of Communication Networks and Distributed Systems (IJCNDS), Vol. 3, No. 4, 2009
Abstract: Intrusion detection systems are promising techniques to improve internet security. A daunting challenge in the design of internet intrusion detection systems is how to perform high-speed string matching operations. This paper presents a string matching architecture, consisting of software based classifiers and hardware based verifiers. Based on incoming packet contents, the packet classifiers can dramatically reduce the number of strings to be matched and accordingly, feed the packet to a proper verifier to conduct matching. The paper presents the proposed classifier architecture and discusses the trade-offs in the classifier design. In addition, techniques, including multi-threading FSM, high-speed FSM interface circuits and interconnects for high-speed verifier implementation on FPGA platforms are discussed. Experimental results are presented to explore the trade-offs between system performance, strings partition granularity and hardware resource cost.