Sciweavers

FCCM
2004
IEEE

A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs

14 years 4 months ago
A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs
Intrusion detection for network security is a computation intensive application demanding high system performance. System level design, a relatively unexplored field in this area, allows more efficient communication and extensive reuse of hardware components for dramatic increases in area-time performance. By applying optimization strategies to the entire database, we reduce hardware requirements compared to architectures designed with single pattern matchers in mind. We present a methodology for system-wide integration of graph-based partitioning of large intrusion detection pattern databases. Integrating ruleset-based graph creation and min-cut partitioning, our methodology allows efficient multi-byte comparisons and partial matches for high performance FPGA-based network security. Through pre-processing, this methodology yields designs with competitive clock frequencies that are a minimum of 8x more area efficient than any other shift-andcompare architectures, and 2x that of other ...
Zachary K. Baker, Viktor K. Prasanna
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where FCCM
Authors Zachary K. Baker, Viktor K. Prasanna
Comments (0)