The Design and Implementation of Network Intrusion Detection System Hardware on FPGA

김택훈; SangKyun Yun

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2012, 17(4), pp.11-18
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

김택훈 ¹, SangKyun Yun ²

¹연세대학교
²연세대학교

ABSTRACT

Deep packet inspection which perform pattern matching to search for malicious patterns in the packet is most computationally intensive task. Hardware-based pattern matching is required for real-time packet inspection in high-speed network. In this paper, we have designed and implemented network intrusion detection hardware as a Microblaze-based SoC using Virtex-6 FPGA, which capture the network input packet, perform hardware-based pattern matching for patterns in the Snort rule, and provide the matching result to the software. We verify the operation of the implemented system using traffic generator and real network traffic. The implemented hardware can be used in network intrusion detection system operated in wire-speed.
KEYWORDS

Instrusion Detection, FPGA, Pattern Matching Hardware
REFERENCES (11)

[web] / Snort web site / http://www.snort.org

[web] / Bro web site / http://bro-ids.org

[web] / PCRE-Perl Compatible Regular Expressions / http://www.pcre.org

[confproc] R. Sidhu / 2001 / Fast Regular Expression Matching using FPGAs / IEEE Symp. Field- Programmable Custom Computing Machines, (FCCM'01) : 227~238

[confproc] C. R. Clark / 2004 / Scalable Parallel Pattern Matching on High Speed Networks / IEEE Symp. Field-Programmable Custom Computing Machines (FCCM'04) : 249~257

[journal] C. -H. Lin / 2007 / Optimization of Pattern Matching Circuits for Regular Expression on FPGA / IEEE Trans. VLSI Systems 15(12) : 1303~1310

[journal] 윤상균 / 2009 / A Hardware Architecture of Multibyte-based Regular Expression Pattern Matching for NIDS / 한국통신학회논문지B / 한국통신학회 34(1) : 47~55

[journal] 윤상균 / 2011 / A Hardware Architecture of Regular Expression Pattern Matching for Deep Packet Inspection / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 16(5) : 13~22

[journal] T. Katashita / 2007 / FPGA-Based Intrusion Detection System for 10Gigabit Ethernet / IEICE Trans. Info. & Sys E90-D(12) : 1923~1931

[web] / Xilinx ML605 Evaluation Kit / http://www.xilinx.com/products/devkits/EK-V6-ML605-G.htm

[web] / Xilinx PLB IPIF IP CORE Datasheet / http://www.xilinx.com/support/documentation/ip_documentation/plb_ipif.pdf
KCI Citation (1)

KJC Korea
Journal Central

Statistics

Tools