Novel FPGA-Based Signature Matching for Deep Packet Inspection

Abstract: Deep packet inspection forms the backbone of any Network Intrusion Detection (NID) system. It involves matching known malicious patterns against the incoming traffic payload. Pattern matching in software is prohibitively slow in comparison to current network speeds. Thus, only FPGA (Field-Programmable Gate Array) or ASIC (Application-Specific Integrated Circuit) solutions could be efficient for this problem. Our FPGA-based solution performs high-speed matching while permitting pattern updates without resource reconfiguration. An off-line optimization method first finds sub-pattern similarities across all the patterns in the SNORT database of signatures [17]. A novel technique then compresses each pattern into a bit vector where each bit represents such a sub-pattern. Our approach drastically reduces the required on-chip storage as well as the complexity of matching, utilizing just 0.05 logic cells for processing and 17.74 bits for storage per character in the current SNORT database of 6456 patterns.
Document type: Conference paper
Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.261-276, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_21〉

Cited literature [16 references]

https://hal.inria.fr/hal-01056079
Contributor: Hal Ifip
Submitted on: Thursday, 14 August 2014 - 17:58:18
Last modified on: Friday, 11 August 2017 - 15:12:40
Document(s) archived on: Thursday, 27 November 2014 - 01:36:10

File

60330263.pdf
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Nitesh B. Guinde, Sotirios G. Ziavras. Novel FPGA-Based Signature Matching for Deep Packet Inspection. Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.261-276, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_21〉. 〈hal-01056079〉

Metrics

Record views

105

File downloads

158