Intrusion Detection System Intended for Multigigabit Networks

Intrusion Detection System Intended for Multigigabit Networks

Paper in proceedings outside WoS and Scopus

Network intrusion detection systems (IDS) are becoming an important toolfor securing critical information and infrastructure. Currentsoftware-based IDS often fails to keep up with high-speed network links soa hardware based IDS is requested. This paper deals with design andimplementation of complete hardware accelerated IDS solution based onField-Programmable Gate Array (FPGA). Core generator for automatic mappingof IDS rules to FPGA logic was designed to assure fast packetclassification and high speed pattern matching. Proposed architecture hasbeen evaluated on a COMBO6X card with FPGA Virtex-II Pro. Using COMBO6Xcard theoretical throughput 6.4~Gbps was achieved for all Snort rules. Thedesigned system can be configured by rules described in Snort format usingweb interface.

Network intrusion detection systems (IDS) are becoming an important toolfor securing critical information and infrastructure. Currentsoftware-based IDS often fails to keep up with high-speed network links soa hardware based IDS is requested. This paper deals with design andimplementation of complete hardware accelerated IDS solution based onField-Programmable Gate Array (FPGA). Core generator for automatic mappingof IDS rules to FPGA logic was designed to assure fast packetclassification and high speed pattern matching. Proposed architecture hasbeen evaluated on a COMBO6X card with FPGA Virtex-II Pro. Using COMBO6Xcard theoretical throughput 6.4~Gbps was achieved for all Snort rules. Thedesigned system can be configured by rules described in Snort format usingweb interface.

Traffic Scanner, Snort, IDS, pattern matching

Traffic Scanner, Snort, IDS, pattern matching

KOŘENEK, J.; KOBIERSKÝ, P.

24.08.2007

IEEE Computer Society

Krakow

978-1-4244-1161-0

2007 IEEE Design and Diagnostics of Electronic Circuits and Systems

361

364

4