Abstract
To meet future internet traffic challenges, the enhancement of hardware architectures for network security has a vital role, since software security algorithms cannot keep up with speeds in the range of gigabits per second (Gbps). In this paper, we discuss the signature detection technique (SDT) used in network intrusion detection systems (NIDS). The design of the most commonly used hardware-based techniques for signature detection, such as finite automata, discrete comparators, the Knuth-Morris-Pratt (KMP) algorithm, content addressable memory (CAM) and the Bloom filter, is discussed. Two novel architectures, an XOR-based pre-computation CAM (XPCAM) and a multi-stage look-up technique (MSLT) Bloom filter, are proposed and implemented in a third-party field programmable gate array (FPGA), and their area and power consumption are compared. A 10Gbps network traffic generator (TNTG) is used to test the functionality and ensure the reliability of the proposed architectures. Our approach involves a unique combination of algorithmic and architectural techniques that outperforms some of the current techniques in terms of performance, speed and power efficiency.
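The abstract names the Bloom filter as one of the signature detection techniques studied, but does not show how a Bloom filter stage behaves on packet payloads. The following Python example is added here and is not the paper's XPCAM or MSLT design; it is a software model of the general technique: one Bloom filter per signature length is queried for every payload window of that length, and every filter hit is confirmed against an exact signature table, because a Bloom filter can report false positives but never false negatives. The signatures, the payload, and the use of SHA-256 slices in place of the hardware hash functions are constructed assumptions of this example.

```python
import hashlib
import math


class BloomFilter:
    """Minimal bit-array Bloom filter with k hash positions per item."""

    def __init__(self, m_bits, k_hashes):
        # A 32-byte SHA-256 digest yields at most eight 4-byte positions.
        assert 1 <= k_hashes <= 8
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, data):
        # Stand-in for the k hash units of a hardware design: k slices of one
        # SHA-256 digest, each reduced modulo the bit-array size.
        digest = hashlib.sha256(data).digest()
        for i in range(self.k):
            yield int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.m

    def add(self, data):
        for p in self._positions(data):
            self.bits[p >> 3] |= 1 << (p & 7)

    def may_contain(self, data):
        # True means "possibly present" (a false positive is possible);
        # False means "definitely absent" (no false negatives).
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(data))


def false_positive_rate(n_items, m_bits, k_hashes):
    """Standard Bloom filter estimate (1 - e^(-kn/m))^k for sizing the filter."""
    return (1.0 - math.exp(-k_hashes * n_items / m_bits)) ** k_hashes


def build_detector(signatures, m_bits=4096, k_hashes=4):
    """Group signatures by length: one Bloom filter plus one exact table per length."""
    by_len = {}
    for sig in signatures:
        bloom, exact = by_len.setdefault(len(sig), (BloomFilter(m_bits, k_hashes), set()))
        bloom.add(sig)
        exact.add(sig)
    return by_len


def scan(payload, detector):
    """Return (confirmed matches, number of Bloom hits) for one payload.

    Every window of each signature length is queried against that length's
    filter; only windows that the filter passes are checked exactly, so the
    exact table sees far fewer lookups than the filter does.
    """
    matches = []
    bloom_hits = 0
    for length, (bloom, exact) in detector.items():
        for offset in range(len(payload) - length + 1):
            window = payload[offset:offset + length]
            if bloom.may_contain(window):
                bloom_hits += 1
                if window in exact:          # resolves any false positive
                    matches.append((offset, window))
    matches.sort()
    return matches, bloom_hits


# Constructed sample signatures and payload for the example (not from the paper).
SIGNATURES = [b"/bin/sh", b"cmd.exe", b"../../"]
SAMPLE_PAYLOAD = b"normal text /bin/sh more text cmd.exe end"


def demo():
    detector = build_detector(SIGNATURES)
    return scan(SAMPLE_PAYLOAD, detector)


if __name__ == "__main__":
    found, hits = demo()
    print("bloom hits:", hits, "confirmed:", found)
    print("estimated FP rate:", false_positive_rate(len(SIGNATURES), 4096, 4))
```

Shrinking `m_bits` to a handful of bits makes the filter saturate: `bloom_hits` then climbs toward the number of windows while `matches` stays exact, which is the behaviour the confirmation stage exists to absorb.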
Author information
M. Arun received the B. Eng. degree in electrical and electronics engineering from Thiagarajar College of Engineering, Madurai, India in 2002, and the M. Eng. degree in VLSI design from Anna University, Chennai, India in 2004, and is a Ph.D. candidate at Anna University, Chennai, India. He is currently an associate professor in the Department of Electronics Engineering at Sri Krishna College of Engineering, Coimbatore, India. He has published over 8 papers in international journals and 3 in technical conferences. He is a member of IEEE and ISTE.
His research interests include low power VLSI, high performance computer networks, and quantum reversible logic.
A. Krishnan received his B. Sc. degree in physics from Madras University, Chennai, India in 1963, B. Eng. degree in electrical engineering from College of Engineering, Chennai, India in 1966, M. Eng. degree in control systems from PSG College of Technology, Coimbatore, India, and Ph.D. degree from Indian Institute of Technology, Kanpur, India in 1979. He is currently the dean at K. S. Rangasamy College of Technology, Tiruchengode, India. He has published over 160 papers in journals and technical conferences. He is a senior member of IEEE and ISTE.
His research interests include control systems and digital systems.
Cite this article
Arun, M., Krishnan, A. Functional verification of signature detection architectures for high speed network applications. Int. J. Autom. Comput. 9, 395–402 (2012). https://doi.org/10.1007/s11633-012-0660-2