Title
FTSE: The FNP-Like TCAM Searching Engine
Abstract
As the Internet grows at a very rapid pace, so does the incidence of attack events and documented unlawful intrusions. Network Intrusion Detection Systems (NIDSes) are designed to identify attacks against networks or a host that are invisible to firewalls, thus providing an additional layer of security. NIDSes detect and filter malicious packets by inspecting packet payloads to find worm signatures. The payload inspection operation dominates the throughput of an NIDS since every byte of packet payload needs to be examined. At network speeds of 1 Gbps or above, it can be difficult to keep up with intrusion detection in software, and hardware systems or software with hardware assist are normally required. This paper presents FTSE, a Ternary Content Addressable Memory (TCAM) based pattern matching engine. In this paper we show how FTSE can be used effectively to perform string matching for thousands of strings at multiple-gigabit speed. We also describe how FTSE can be implemented feasibly with an FPGA/ASIC, a 2.25 Mb TCAM, and a small SSRAM. Our analysis shows that this approach for string matching is very effective and the throughput of our design can achieve up to 8 Gbps for 2,085 Snort rules.
Year: 2005
DOI: 10.1109/ISCC.2005.75
Venue: ISCC
Keywords: attack event, Ternary Content Addressable Memory, FNP-Like TCAM Searching Engine, payload inspection operation, packet payload, additional layer, hardware system, intrusion detection, malicious packet, string matching, Network Intrusion Detection Systems
DocType: Conference
ISBN: 0-7695-2373-0
Citations: 0
PageRank: 0.34
References: 0
Authors: 3

Name | Order | Citations | PageRank
Chia-Nan Kao | 1 | 74 | 8.20
Hung-Shen Wu | 2 | 5 | 1.26
Ming-Chang Shih | 3 | 1 | 2.05