Sciweavers

FCCM
2004
IEEE

Deep Packet Filter with Dedicated Logic and Read Only Memories

14 years 4 months ago
Deep Packet Filter with Dedicated Logic and Read Only Memories
Searching for multiple string patterns in a stream of data is a computationally expensive task. The speed of the search pattern module determines the overall performance of deep packet inspection firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). For example, one open source IDS configured for 845 patterns, can sustain a throughput of only 50 Mbps running on a dual 1-GHz Pentium III system. Using such systems would not be practical for filtering high speed networks with over 1 Gbps traffic. Some of these systems are implemented with field programmable gate arrays (FPGA) so that they are fast and programmable. However, such FPGA filters tend to be too large to be mapped on to a single FPGA. By sharing the common sub-logic in the design, we can effectively shrink the footprint of the filter. Then, for a large subset of the patterns, the logic area can be further reduced by using a memory based architecture. These design methods allow our filter for 206...
Young H. Cho, William H. Mangione-Smith
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where FCCM
Authors Young H. Cho, William H. Mangione-Smith
Comments (0)