A Studying on Implementation of NIDS Pattern Matching Based on FPGA


Article Preview

Intrusion detection for network security is an application area demanding high throughput. The pattern matching in intrusion detection requires extremely high performance to process string matching. Most of pattern matching using software has many time complexities and cannot reach the requirements of high throughput. The pattern matching using hardware considerably improves the speed of matching and has several other advantages. This paper describes a FPGA-based pattern matching architecture, using hashing method called XOR Hashing. The proposed method updates new patterns without reconfiguration and processes the collision and has high matching performance. The proposed system implements the pattern matching by using Snort rule-set, an open source Network Intrusion Detection and has simulation processing on PC. Compared with existing hardware method, the results explained that our method has relatively high performance for the pattern matching and can else process the pattern matching with high performance on low–cost FPGA device.



Advanced Materials Research (Volumes 403-408)

Edited by:

Li Yuan




J. J. Li et al., "A Studying on Implementation of NIDS Pattern Matching Based on FPGA", Advanced Materials Research, Vols. 403-408, pp. 1985-1988, 2012

Online since:

November 2011




[1] Janardhan Singaraju, John A. Chandy, FPGA based string matching for network processing applications[J], Microprocessors and Microsystems, June 2008, 32( 4), : 210-222.

DOI: https://doi.org/10.1016/j.micpro.2007.11.001

[2] Chun Jason Xue, Zili Shao, MeiLin Liu, QingFeng Zhuge and Edwin H. -M. Sha4, T. -W. Kuo et al. (Eds. ), Parallel Network Intrusion Detection on Reconfigurable Platforms[J], EUC (2007).

DOI: https://doi.org/10.1007/978-3-540-77092-3_8

[3] Katashita T., Maeda A., Toda K., Yamaguchi Y., A Method of Generating Highly Efficient String Matching Circuit for Intrusion Detection[C], Field Programmable Logic and Applications, 2006. FPL '06. International Conference on ,: 1 - 4.

DOI: https://doi.org/10.1109/fpl.2006.311317

[4] Bispo J., Sourdis I., Cardoso J.M.P., Vassiliadis S., Regular expression matching for reconfigurable packet inspection[C], Field Programmable Technology, 2006. FPT 2006. IEEE International Conference on, Dec. 2006,: 119 – 126.

DOI: https://doi.org/10.1109/fpt.2006.270302

[5] Tran Ngoc Thinh, Kittitornkun S., Tomiyama S., Applying Cuckoo Hashing for FPGA-based Pattern Matching in NIDS/NIPS[C], Field-Programmable Technology, 2007. ICFPT 2007. International Conference on, 12-14 Dec. 2007,: 121 - 128.

DOI: https://doi.org/10.1109/fpt.2007.4439240

[6] SNORT: The Open Source Network Intrusion Detection System. http: /www. snort. org.

[7] Sourcefire. Snort rule optimizer. In: www. sourcefire. com/whitepapers, (2008).

[8] J. Allen et al., State of the Practice of Intrusion Detection Technologies[J], TechReport CMU/SEI-99-TR-028, Carnegie Mellon Univ., Software Engineering Inst., Pittsburgh, (2000).

DOI: https://doi.org/10.21236/ada375846

[9] S. Yusuf,W. Luk M.K.N. Szeto, and W. Osborne. Unite: Uniform hardware-based network intrusion detection engine[J]. In Int. Workshop on Applied Reconfigurable Computing, 2006, : 389 – 400.

DOI: https://doi.org/10.1007/11802839_47