A Common On-board Hardware Architecture for Intrusion Detection System
An Intrusion Detection System (IDS) implements pattern matching approach on the network traffic to find the malicious packets carrying attack signatures. In this paper, a common Field Programmable Gate Array (FPGA) based on-board hardware architecture which is compatible with both ordinary string and Perl Compatible Regular Expression (PCRE) pattern matching is proposed to accelerate IDS. Furthermore, a flexible storage structure which is suitable for many general hardware matching algorithms and an optimized combinational logic circuit structure for PCRE matching are designed. With the synchronization of a connection decoder, ordinary string matching module coordinates with PCRE matching module to implement string-PCRE mixed rule.
FPGA IDS PCRE pattern matching
Chao Kong Bo Yang Zhiping Jia Zhenxiang Chen
School of Computer Science and Technology Shandong University Jinan, China School of Information Science and Engineering University of Jinan Jinan, China
国际会议
武汉
英文
1058-1061
2009-11-18(万方平台首次上网日期,不代表论文的发表时间)