Sciweavers

ARC
2006
Springer

UNITE: Uniform Hardware-Based Network Intrusion deTection Engine

14 years 4 months ago
UNITE: Uniform Hardware-Based Network Intrusion deTection Engine
Abstract. Current software implementations of network intrusion detection reach a maximum network connection speed of about 1Gbps (Gigabits per second). This paper analyses the Snort software network intrusion detection system to highlight the bottlenecks of such systems. It proposes a novel packet processing engine called UNITE that deploys a uniform hardware architecture to perform both header classification and payload signature extraction utilising a Content Addressable Memory (CAM) which is optimised by techniques based on Binary Decision Diagrams (BDDs). The proposed design has been implemented on an XC2VP30 FPGA, and we achieve an operating frequency of 350MHz and a processing speed in excess of 2.8Gbps. The area resource usage for UNITE is also shown to be efficient, with a Look Up Tables (LUTs) per character ratio of 0.82 for a rule set of approximately 20,000 characters.
Sherif Yusuf, Wayne Luk, M. K. N. Szeto, William G
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where ARC
Authors Sherif Yusuf, Wayne Luk, M. K. N. Szeto, William G. Osborne
Comments (0)