Article

A high performance NIDS using FPGA-based regular expression matching

Authors:

Young Soo KimAuthors Info & Claims

SAC '07: Proceedings of the 2007 ACM symposium on Applied computing

Pages 1187 - 1191

https://doi.org/10.1145/1244002.1244259

Published: 11 March 2007 Publication History

Get Access

Abstract

A Network Intrusion Detection System (NIDS) monitors all incoming packets in the network and detects packets that are malicious to the internal system. The NIDS should also have ability to update the detection rules because new attack patterns are unpredictable. Incorporating FPGAs into the NIDS is one of the best solutions that can provide both high performance and high flexibility comparing to the other approaches such as software solutions. In this paper we propose a novel approach to design the parallel comparator of NIDS that can not only minimize additional resources but also maximize the processing performance. The performance and resource tradeoff due to the implementation of the parallel comparator in the prefix sharing is also analyzed.

References

[1]

Martin Roesch and Chris Green, Snort User's Manual. http://www.snort.org/docs/writing_rules.

Google Scholar

[2]

R. Sidhu and V. K. Prasanna, Fast Regular Expression Matching using FPGA, In Proceedings of IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'01), Apr. 2001.

Digital Library

Google Scholar

[3]

Christopher R. Clark and David E. Schimmel, Design of Efficient FPGA Circuits for Matching Complex Patterns in Network Intrusion Detection Systems. In Proceedings of the 13th International Conference on Field Programmable Logic and Applications, June 2003

Google Scholar

[4]

Ioannis Sourdis and Dionisios Pnevmatikatos, Pre-decoded CAMs for Efficient and High-Speed NIDS Pattern Matching, In Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 258--267, April 2004

Digital Library

Google Scholar

[5]

James Moscola, John Lockwood, Ronald P. Loui, and Michael Pachos, Implementation of a Content-Scanning Module for an Internet Firewall, In Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machine, Apr. 2003

Digital Library

Google Scholar

[6]

Y. Cho and W. Mangione-Smith, Deep Packet Filter with Dedicated Logic and Read Only Memories, In Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Apr. 2004

Digital Library

Google Scholar

[7]

Christopher R. Clark and David E. Schimmel, Scalable Pattern Matching for High Speed Networks, In Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Apr. 2004

Digital Library

Google Scholar

Cited By

View all

Xu WZhou ZZhang JJiang YYi P(2023)OD-REM: On-Demand Regular Expression Matching on FPGAs for Efficient Deep Packet Inspection2023 International Conference on Field Programmable Technology (ICFPT)10.1109/ICFPT59805.2023.00029(217-226)Online publication date: 12-Dec-2023
https://doi.org/10.1109/ICFPT59805.2023.00029
Wang XHong YChang HPark KLangdale GHu JZhu HLorch JYu M(2019)HyperscanProceedings of the 16th USENIX Conference on Networked Systems Design and Implementation10.5555/3323234.3323286(631-648)Online publication date: 26-Feb-2019
https://dl.acm.org/doi/10.5555/3323234.3323286
Jiang SDuan YWu J(2019)A Client-Biased Cooperative Search Scheme in Blockchain-Based Data Markets2019 28th International Conference on Computer Communication and Networks (ICCCN)10.1109/ICCCN.2019.8847102(1-9)Online publication date: Jul-2019
https://doi.org/10.1109/ICCCN.2019.8847102
Show More Cited By

Index Terms

A high performance NIDS using FPGA-based regular expression matching
1. Computer systems organization
  1. Embedded and cyber-physical systems
  2. Real-time systems
2. Networks
  1. Network services

Recommendations

NIDS: A Network Based Approach to Intrusion Detection and Prevention
IACSIT-SC '09: Proceedings of the 2009 International Association of Computer Science and Information Technology - Spring Conference

Computer networks have added new dimensions to the global communication. But intrusions and misuses have always threatened the secured data communication over networks. Consequently, network security has come into issue. Now-a-days intrusion detection ...
Backtracking Algorithmic Complexity Attacks against a NIDS
ACSAC '06: Proceedings of the 22nd Annual Computer Security Applications Conference

Network Intrusion Detection Systems (NIDS) have become crucial to securing modern networks. To be effective, a NIDS must be able to counter evasion attempts and operate at or near wire-speed. Failure to do so allows malicious packets to slip through a ...
Hardware implementation for network intrusion detection rules with regular expression support
SAC '08: Proceedings of the 2008 ACM symposium on Applied computing

Signature-based network intrusion detection systems (NIDSs), such as Snort and Bro, rely on a rule database that describes traffic patterns for known attacks. They examine each packets flowing through a network segment and report suspicious packets to ...

Comments

Information & Contributors

Information

Published In

SAC '07: Proceedings of the 2007 ACM symposium on Applied computing

March 2007

1688 pages

ISBN:1595934804

DOI:10.1145/1244002

Conference Chairs:
Yookun Cho
Seoul National University, Seoul, Korea
,
Roger L. Wainwright
University of Tulsa, Tulsa, Oklahoma
,
Hisham M. Haddad
Kennesaw State University, Kennesaw, Georgia
,
Sung Y. Shin
South Dakota State University, Brookings, South Dakota
,
Program Chair:
Yong Wan Koo
The University of Suwon, Gyeongggi-do, Korea

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 March 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

SAC07

Sponsor:

SIGAPP

SAC07: The 2007 ACM Symposium on Applied Computing

March 11 - 15, 2007

Seoul, Korea

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
520
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Xu WZhou ZZhang JJiang YYi P(2023)OD-REM: On-Demand Regular Expression Matching on FPGAs for Efficient Deep Packet Inspection2023 International Conference on Field Programmable Technology (ICFPT)10.1109/ICFPT59805.2023.00029(217-226)Online publication date: 12-Dec-2023
https://doi.org/10.1109/ICFPT59805.2023.00029
Wang XHong YChang HPark KLangdale GHu JZhu HLorch JYu M(2019)HyperscanProceedings of the 16th USENIX Conference on Networked Systems Design and Implementation10.5555/3323234.3323286(631-648)Online publication date: 26-Feb-2019
https://dl.acm.org/doi/10.5555/3323234.3323286
Jiang SDuan YWu J(2019)A Client-Biased Cooperative Search Scheme in Blockchain-Based Data Markets2019 28th International Conference on Computer Communication and Networks (ICCCN)10.1109/ICCCN.2019.8847102(1-9)Online publication date: Jul-2019
https://doi.org/10.1109/ICCCN.2019.8847102
Jiang HYang YGuan HXie GSalamatian K(2019)A Massively Multi-Tenant Virtualized Network Intrusion Prevention Service on NFV Platform2019 28th International Conference on Computer Communication and Networks (ICCCN)10.1109/ICCCN.2019.8846924(1-9)Online publication date: Jul-2019
https://doi.org/10.1109/ICCCN.2019.8846924
Tachon T(2019)Parallel Matching of Regular Expressions with BSP Automata2019 International Conference on High Performance Computing & Simulation (HPCS)10.1109/HPCS48598.2019.9188181(953-960)Online publication date: Jul-2019
https://doi.org/10.1109/HPCS48598.2019.9188181
Guo GXin YYu XLiu LCao H(2019)A Fast IP Matching Algorithm Under Large TrafficArtificial Intelligence and Security10.1007/978-3-030-24268-8_23(246-255)Online publication date: 11-Jul-2019
https://doi.org/10.1007/978-3-030-24268-8_23
Choi BChae JJamshed MPark KHan DArgyraki KIsaacs R(2016)DFCProceedings of the 13th Usenix Conference on Networked Systems Design and Implementation10.5555/2930611.2930647(551-565)Online publication date: 16-Mar-2016
https://dl.acm.org/doi/10.5555/2930611.2930647
Lee CLin YChen Y(2015)A Hybrid CPU/GPU Pattern-Matching Algorithm for Deep Packet InspectionPLOS ONE10.1371/journal.pone.013930110:10(e0139301)Online publication date: 5-Oct-2015
https://doi.org/10.1371/journal.pone.0139301
Bremler-Barr ADavid SHarchol YHay D(2015)Leveraging traffic repetitions for high-speed deep packet inspection2015 IEEE Conference on Computer Communications (INFOCOM)10.1109/INFOCOM.2015.7218648(2578-2586)Online publication date: Apr-2015
https://doi.org/10.1109/INFOCOM.2015.7218648
Heorhiadi VFayaz SReiter MSekar V(2014)SNIPS: A Software-Defined Approach for Scaling Intrusion Prevention Systems via OffloadingInformation Systems Security10.1007/978-3-319-13841-1_2(9-29)Online publication date: 2014
https://doi.org/10.1007/978-3-319-13841-1_2
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

NIDS: A Network Based Approach to Intrusion Detection and Prevention

Backtracking Algorithmic Complexity Attacks against a NIDS

Hardware implementation for network intrusion detection rules with regular expression support

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

NIDS: A Network Based Approach to Intrusion Detection and Prevention

Backtracking Algorithmic Complexity Attacks against a NIDS

Hardware implementation for network intrusion detection rules with regular expression support

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations