Design and Implementation of a String Matching System for Network Intrusion Detection using FPGA-based Bloom Filters

Authors

Sarang Dharmapurikar, Washington University in St. Louis
Michael Attig, Washington University in St. Louis
John Lockwood, Washington University in St. Louis

Document Type

Technical Report

Publication Date

2004-03-25

Filename

wucse-2004-12.pdf

Technical Report Number

WUCSE-2004-12

Abstract

Modern Network Intrusion Detection Systems (NIDS) inspect the network packet payload to check if it conforms to the security policies of the given network. This process, of-ten referred to as deep packet inspection, involves detection of predefined signature strings or keywords starting at an arbitrary location in the payload. String matching is a computationally intensive task and can become a potential bottleneck without high-speed processing. Since the conventional software-implemented string matching algorithms have not kept pace with the increasing network speeds, special purpose hardware solutions have been introduced. In this paper we show how Bloom filters can be used effectively to perform string matching for thousands of strings at wire speed. We describe how Bloom filters can be implemented feasibly on commodity FPGA. Our analysis shows that this approach for string matching is more effective than the current FPGA-based solutions which use Deterministic or Non-deterministic Finite Automata (DFA or NFA). Fi-nally, we give the details of our implementation of string matching technique on Xilinx XCV 2000E FPGA.

Comments

Permanent URL: http://dx.doi.org/10.7936/K7R78CKP

Recommended Citation

Dharmapurikar, Sarang; Attig, Michael; and Lockwood, John, "Design and Implementation of a String Matching System for Network Intrusion Detection using FPGA-based Bloom Filters" Report Number: WUCSE-2004-12 (2004). All Computer Science and Engineering Research.
https://openscholarship.wustl.edu/cse_research/984