Malicious attacks and threats over network can be identified and prevented by Intrusion detection system (IDS). Essential ability of every intrusion detection system is to search and find packet content that can matches distinguished attacks. An open source Network Intrusion Detection System (NIDS) is Snort that utilizes signatures/rules for detecting irregular network activities. Softwarebased IDSmay not be continued to process all traffic in real-time when network traffic increased. On the other hand, hardware based IDS are best suited for computing and serious processing on network traffic and can keep up high network throughput. This paper, contributes Buffered Boyer-Moore string-matching algorithm using FPGA that drastically increase throughput and improve its performance on hardware implementations. The projected performance as Performance Efficiency Metric (PEM) 21.3 enables system to do 19.2 Gbps of throughput and implies a significant difference obtained when processing large number of payload.
Digital Object Identifier (DOI)
Armstrong Joseph, J.; Korah, Reeba; and Salivahanan, S.
"Efficient String Matching FPGA for speed up Network Intrusion Detection,"
Applied Mathematics & Information Sciences: Vol. 12
, Article 14.
Available at: https://dc.naturalspublishing.com/amis/vol12/iss2/14