
Implementing High-speed String Matching Hardware for Network Intrusion Detection Systems

Implementing High-speed String Matching Hardware for Network Intrusion Detection Systems. Author: Atul Mahajan, Benfano Soewito, Sai K. Parsi, Ning Weng and Haibo Wang Publisher: Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays, FPGA 2008 Presenter:


Presentation Transcript


  1. Implementing High-speed String Matching Hardware for Network Intrusion Detection Systems Author: Atul Mahajan, Benfano Soewito, Sai K. Parsi, Ning Weng and Haibo Wang Publisher: Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays, FPGA 2008 Presenter: Chin-Chung Pan Date: 2009/11/11

  2. Outline • Introduction • Techniques for high-throughput verifier Design • Multi-threading FSM • High-speed interface circuit design • Minimizing FSM interconnect delay • Experimental Results

  3. Introduction • The classifier arranges incoming packets into three categories: malicious, suspected or benign. • Only suspected packets are fed to FSMs (verifiers) for further verification. In addition, classifiers confine the patterns that need to be checked for each suspected packet.

  4. Outline • Introduction • Techniques for high-throughput verifier Design • Multi-threading FSM • High-speed interface circuit design • Minimizing FSM interconnect delay • Experimental Results

  5. Multi-threading FSM • We use P[i] to represent the ith byte of the packet to be examined by the FSM. S[i] denotes the state that the FSM reaches after reading the ith byte of the packet.

  6. Multi-threading FSM • During the odd clock cycles, data from Packet P1 are fed to the FSM. In an even clock cycle, the FSM takes input from Packet P2.

  7. High-speed interface circuit design • [Figure: interface circuit diagram with labels P1[1] to P1[4] and P2[1] to P2[4]]

  8. Minimizing FSM interconnect delay • The input packet path not only has a large fan-out but also travels a long distance.

  9. Minimizing FSM interconnect delay • [Figure: diagram with input labels P1[1], P1[2], P2[1], P2[2] and blocks AB, CD, EF, GH, IJ, KL]

  10. Outline • Introduction • Techniques for high-throughput verifier Design • Multi-threading FSM • High-speed interface circuit design • Minimizing FSM interconnect delay • Experimental Results

  11. Experimental Results • FSM clock frequency versus number of threads. Its maximum throughput is above 4 Gbits/s.

  12. Experimental Results • Interconnect delay with different FSM sizes.

  13. Experimental Results • DFF utilization in multi-threading FSMs.

  14. Experimental Results • The design approaches used in the study are: (a) a single FSM with the size of 200, (b) two FSMs of the size 100, and (c) four FSMs of the size 50.

  15. Experimental Results • After four pipeline stages are added to some input path branches, the delay of partitioned interconnect segments can be quickly reduced to less than 2 ns. The FSMs operate at a clock frequency of 500 MHz.
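
Slides 5 and 6 describe one FSM serving two packets on alternating clock cycles. The following added example (not from the presentation or the paper) models that in software as a shared transition table with one state register per thread. The KMP-style DFA, the pattern and both packets are assumptions constructed for illustration.

```python
# Added illustration: software model of a two-thread (time-multiplexed) FSM.
# PATTERN, P1 and P2 are constructed sample data, not taken from the paper.
PATTERN = b"abab"
P1 = b"xxababab"   # constructed packet for thread 1
P2 = b"cabab"      # constructed, shorter packet for thread 2

def build_dfa(pattern: bytes):
    """KMP-style DFA (an assumption; the slides do not say how the FSM is built).
    delta[state][byte] -> next state; state len(pattern) is the accepting state."""
    m = len(pattern)
    delta = [[0] * 256 for _ in range(m + 1)]
    delta[0][pattern[0]] = 1
    fallback = 0                           # state to imitate on a mismatch
    for s in range(1, m + 1):
        delta[s] = delta[fallback][:]
        if s < m:
            delta[s][pattern[s]] = s + 1
            fallback = delta[fallback][pattern[s]]
    return delta

def run_interleaved(delta, packets):
    """Shared transition table, one state register per thread.
    Clock cycle c (1-based) serves thread (c - 1) % n, so with n = 2
    odd cycles read P1 and even cycles read P2."""
    n, accept = len(packets), len(delta) - 1
    state = [0] * n                        # current S for each thread
    pos = [0] * n                          # bytes consumed so far per thread
    hits = [[] for _ in range(n)]          # 1-based i where S[i] is accepting
    cycle = 0
    while any(pos[t] < len(packets[t]) for t in range(n)):
        t = cycle % n
        cycle += 1
        if pos[t] >= len(packets[t]):
            continue                       # idle slot: this packet is finished
        state[t] = delta[state[t]][packets[t][pos[t]]]
        pos[t] += 1
        if state[t] == accept:
            hits[t].append(pos[t])
    return hits, cycle

def run_single(delta, packet):
    """Reference: the same FSM run over one packet with no interleaving."""
    s, hits = 0, []
    for i, b in enumerate(packet, 1):
        s = delta[s][b]
        if s == len(delta) - 1:
            hits.append(i)
    return hits
```

With these samples the interleaved run needs 15 clock cycles for 13 bytes, because thread 2 idles twice after its shorter packet ends; each thread's matches are identical to its non-interleaved run.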
