Previous 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18


Journal of Information Science and Engineering, Vol. 24 No. 4, pp. 1229-1239 (July 2008)

Network Intrusion Detection Based on Shift-OR Circuit*

Huang-Chun Roan, Wen-Jyi Hwang, Wei-Jhih Huang and Chia-Tien Dan Lo+
Department of Computer Science and Information Engineering
National Taiwan Normal University
Taipei, 117 Taiwan
*Department of Computer Science
University of Texas at San Antonio
San Antonio, TX 78249, U.S.A.

This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The key feature of the signature match co-processor is an architecture based on the shift-or algorithm, which employs simple shift registers, or-gates, and ROMs where patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems.

Keywords: network intrusion detection system, FPGA implementation, pattern matching, shift-or algorithm, string searching

Full Text () Retrieve PDF document (200807_15.pdf)

Received July 4, 2006; revised September 26, 2006; accepted October 25, 2006.
Communicated by Tzong-Chen Wu.
*This paper was presented in part at the IEEE International Conference on Field Programmable Logic and Applications (FPL 2006), Madrid Spain, August 2006. This project is partially supported by the Center for Infrastructure Assurance and Security at UTSA and US Air Force under grant #26-0200-62.