Sciweavers

FPL
2005
Springer

Bitwise Optimised CAM for Network Intrusion Detection Systems

14 years 6 months ago
Bitwise Optimised CAM for Network Intrusion Detection Systems
String pattern matching is a computationally expensive task, and when implemented in hardware, it can consume a large amount of resources for processing and storage. This paper presents a novel technique, based on a tree-based content addressable memory structure, for a pattern matching engine for use in a hardware-based network intrusion detection system. This technique involves hardware sharing at bit level in order to exploit powerful logic optimisations for multiple strings represented as a boolean expression. Our approach has been used to implement the entire SNORT rule set with around 12% of the area on a Xilinx XC2V8000 FPGA. The design can run at a rate of approximately 2.5 Gigabits per second, and is approximately 30% smaller in area when compared with published results. The performance of our design can be improved further by having multiple designs operating in parallel.
Sherif Yusuf, Wayne Luk
Added 27 Jun 2010
Updated 27 Jun 2010
Type Conference
Year 2005
Where FPL
Authors Sherif Yusuf, Wayne Luk
Comments (0)