Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns

  • Conference paper
  • First Online:
Field Programmable Logic and Application (FPL 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2778))

Included in the following conference series:

Abstract

This paper presents techniques for designing pattern matching circuits for complex regular expressions, such as those found in network intrusion detection patterns. We have developed a pattern-matching co-processor that supports all the pattern matching functions of the Snort rule language [3]. In order to achieve maximum pattern capacity and throughput, the design focuses on minimizing circuit area while maintaining high clock speed. Using our approach, we are able to store the entire current Snort rule database consisting of over 1,500 rules and 17,000 characters into a single one-million-gate FPGA while comparing all patterns against traffic at gigabit rates.

Christopher R. Clark: This work was supported in part by NSF Grant 9876573 and by a grant from Intel Corporation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Allen, J., et al.: State of the Practice of Intrusion Detection Technologies. Technical Report CMU/SEI-99-TR-028 (1999)

    Google Scholar 

  2. Roberts, L.G.: Beyond Moore’s Law: Internet Growth Trends. IEEE Computer, 117–119 (January 2000)

    Google Scholar 

  3. Martin Roesch and Chris Green. Snort User’s Manual, http://www.snort.org

  4. Fisk, M., Varghese, G.: Fast Content-Based Packet Handling for Intrusion Detection, Technical Report UCSD CS2001-0670 (May 2001)

    Google Scholar 

  5. Jason Coit, C., Staniford, S., McAlerney, J.: Towards Faster String Matching for Intrusion Detection. In: DARPA Information Survivability Conference (June 2001)

    Google Scholar 

  6. Sidhu, R., Prasanna, V.K.: Fast Regular Expression Matching using FPGAs. In: Proceedings of IEEE FCCM 2001 (April 2001)

    Google Scholar 

  7. Franklin, R., Carver, D., Hutchings, B.L.: Assisting Network Intrusion Detection with Reconfigurable Hardware. In: Proceedings of IEEE FCCM 2002, April 2002, pp. 111–120 (2002)

    Google Scholar 

  8. Bellows, P., Hutchings, B.L.: JHDL—An HDL for Reconfigurable Systems. In: Proceedings of IEEE FCCM 1998, April 1998, pp. 175–184 (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Electrical and Computer Engineering, Georgia Institute of Technology, GA, 30332, Atlanta, USA

    Christopher R. Clark & David E. Schimmel

Authors
  1. Christopher R. Clark
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David E. Schimmel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Electrical and Electronic Engineering, Imperial College London, Exhibition Road, SW7 2BT, London, UK

    Peter Y. K. Cheung

  2. Department of Electrical & Electronic Engineering, Imperial College London, Exhibition Road, SW7 2BT, London, UK

    George A. Constantinides

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Clark, C.R., Schimmel, D.E. (2003). Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns. In: Y. K. Cheung, P., Constantinides, G.A. (eds) Field Programmable Logic and Application. FPL 2003. Lecture Notes in Computer Science, vol 2778. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45234-8_94

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-45234-8_94

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40822-2

  • Online ISBN: 978-3-540-45234-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation