Functional Verification of Signature Detection Architectures for High Speed Network Applications

作     者：M.Arun A.Krishnan 

作者机构：Department of Electronics and Communication Engineering Sri Krishna College of Engineering and Technology K.S.Rangasamy College of Technology 

出 版 物：《International Journal of Automation and computing》 (国际自动化与计算杂志（英文版）)

年 卷 期：2012年第9卷第4期

页      面：395-402页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 

主　　题：Signature detection network intrusion detection system (NIDS) content addressable memory (CAM) Bloom filter network security 

摘      要：To meet the future internet traffic challenges, enhancement of hardware architectures related to network security has vital role where software security algorithms are incompatible with high speed in terms of Giga bits per second (Gbps). In this paper, we discuss signature detection technique (SDT) used in network intrusion detection system (NIDS). Design of most commonly used hardware based techniques for signature detection such as finite automata, discrete comparators, Knuth-Morris-Pratt (KMP) algorithm, content addressable memory (CAM) and Bloom filter are discussed. Two novel architectures, XOR based pre computation CAM (XPCAM) and multi stage look up technique (MSLT) Bloom filter architectures are proposed and implemented in third party field programmable gate array (FPGA), and area and power consumptions are compared. 10Gbps network traffic generator (TNTG) is used to test the functionality and ensure the reliability of the proposed architectures. Our approach involves a unique combination of algorithmic and architectural techniques that outperform some of the current techniques in terms of performance, speed and powerefficiency.