An Efficient Multi-hash Pattern Matching Scheme for Intrusion Detection in FPGA-based Reconfiguring Hardware

Many Network-based Intrusion Detection Systems (NIDSs) are developed till now to respond these network,attacks. As network technology presses forward, Gigabit Ethernet has become the actual standard for large network installations. Therefore, software solutions in developing high-speed NIDSs are increasingly impractical. It thus appears well motivated to investigate the hardware-based solutions. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. Therefore, we propose the FPGA-based intrusion detection technique to detect and respond variant attacks on high-speed links. It was designed to fully exploit hardware parallelism to achieve real-time packet inspection, to require a small memory for storing signature. The technique is a part of our system, called ATPS (Adaptive Threat Prevention System) recently developed. Most of all, the proposed system has a novel content filtering technique called Table-driven Bottom-up Tree (TBT) for exact string matching. But, as the number of signatures to be compared is growing rapidly, the improved mechanism is required. In this paper, we present the multi-bash based TBT technique with memory-efficiency. Simulation based performance evaluations showed that the proposed technique used on-chip SRAM less than 20% of the one-hash based TBT technique.