UNITE: Uniform Hardware-Based Network Intrusion deTection Engine

14 years 3 months ago

Download www.diadem-firewall.org

Abstract. Current software implementations of network intrusion detection reach a maximum network connection speed of about 1Gbps (Gigabits per second). This paper analyses the Snort software network intrusion detection system to highlight the bottlenecks of such systems. It proposes a novel packet processing engine called UNITE that deploys a uniform hardware architecture to perform both header classification and payload signature extraction utilising a Content Addressable Memory (CAM) which is optimised by techniques based on Binary Decision Diagrams (BDDs). The proposed design has been implemented on an XC2VP30 FPGA, and we achieve an operating frequency of 350MHz and a processing speed in excess of 2.8Gbps. The area resource usage for UNITE is also shown to be efficient, with a Look Up Tables (LUTs) per character ratio of 0.82 for a rule set of approximately 20,000 characters.

Sherif Yusuf, Wayne Luk, M. K. N. Szeto, William G

Real-time Traffic

ARC 2006 | Hardware | Network Connection Speed | Network Intrusion Detection | Network Intrusion Detection System |

claim paper

Post Info
More Details (n/a)

Added	20 Aug 2010
Updated	20 Aug 2010
Type	Conference
Year	2006
Where	ARC
Authors	Sherif Yusuf, Wayne Luk, M. K. N. Szeto, William G. Osborne

Comments (0)

Sciweavers

UNITE: Uniform Hardware-Based Network Intrusion deTection Engine

ARC 2006 | Hardware | Network Connection Speed | Network Intrusion Detection | Network Intrusion Detection System |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers