A system architecture for high-speed deep packet inspection in signature-based network intrusion prevention
- Authors
- Kim, Sunil; Lee, Jun-yong
- Issue Date
- May-2007
- Publisher
- ELSEVIER
- Keywords
- network intrusion prevention; pattern matching; embedded system architecture
- Citation
- JOURNAL OF SYSTEMS ARCHITECTURE, v.53, no.5-6, pp.310 - 320
- Journal Title
- JOURNAL OF SYSTEMS ARCHITECTURE
- Volume
- 53
- Number
- 5-6
- Start Page
- 310
- End Page
- 320
- URI
- https://scholarworks.bwise.kr/hongik/handle/2020.sw.hongik/23596
- DOI
- 10.1016/j.sysarc.2006.10.005
- ISSN
- 1383-7621
- Abstract
- Pattern matching is one of critical parts of Network Intrusion Prevention Systems (NIPS). Pattern matching hardware for NIPS should find a matching pattern at wire speed. However, that alone is not good enough. First, pattern matching hardware should be able to generate sufficient pattern match information including the pattern index number and the location of the match found at wire speed. Second, it should support pattern grouping to reduce unnecessary pattern matches. Third, it should guarantee worst-case performance even if the number of patterns is increased. Finally it should be able to update patterns in a few minutes or seconds without stopping its operations. We propose a system architecture to meet the above requirements. Using Xilinx FPGA simulation, we show that the new system scales well to achieve a high speed over 10 Gbps and satisfies all of the above requirements. (c) 2006 Elsevier B.V. All rights reserved.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - ETC > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.