This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The key feature of the signature match co-processor is an architecture based on the shift-or algorithm, which employs simple shift registers, or-gates, and ROMs where patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems.

Keywords: network intrusion detection system, FPGA implementation, pattern matching, shift-or algorithm, string searching

Retrieve PDF document (200807_15.pdf)

Received July 4, 2006; revised September 26, 2006; accepted October 25, 2006.
Communicated by Tzong-Chen Wu.
^*This paper was presented in part at the IEEE International Conference on Field Programmable Logic and Applications (FPL 2006), Madrid Spain, August 2006. This project is partially supported by the Center for Infrastructure Assurance and Security at UTSA and US Air Force under grant #26-0200-62.