Skip to main content
SpringerLink
Log in

Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs

  • Conference paper
Field Programmable Logic and Application (FPL 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3203))

Included in the following conference series:

Abstract

This paper presents a tool for automatic synthesis of highly efficient intrusion detection systems using a high-level, graph-based partitioning methodology, and tree-based lookahead architectures. Intrusion detection for network security is a compute-intensive application demanding high system performance. This tool automates the creation of efficient FPGA architectures using system-level optimizations, a relatively unexplored field in this area. The pre-design tool allows for more efficient communication and extensive reuse of hardware components for dramatic increases in area-time performance. The tool is available online for public use.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 74.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Hutchings, B.L., Franklin, R., Carver, D.: Assisting Network Intrusion Detection with Reconfigurable Hardware. In: Proceedings of FCCM 2002 (2002)

    Google Scholar 

  2. Cho, Y., Mangione-Smith, W.H.: Deep Packet Filter with Dedicated Logic and Read Only Memories. In: The Twelfth Annual IEEE Symposium on Field Programmable Custom Computing Machines 2004, FCCM 2004 (2004)

    Google Scholar 

  3. Sourdis, I., Pnevmatikatos, D.: A Methodology for the Synthesis of Efficient Intrusion Detection Systems on FPGAs. In: The Twelfth Annual IEEE Symposium on Field Programmable Custom Computing Machines 2004, FCCM 2004 (2004)

    Google Scholar 

  4. Gokhale, M., Dubois, D., Dubois, A., Boorman, M., Poole, S., Hogsett, V.: Granidt: Towards Gigabit Rate Network Intrusion Detection. In: Glesner, M., Zipf, P., Renovell, M. (eds.) FPL 2002. LNCS, vol. 2438, p. 404. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  5. Moscola, J., Lockwood, J., Loui, R.P., Pachos, M.: Implementation of a Content- Scanning Module for an Internet Firewall. In: Proceedings of FCCM 2003 (2003)

    Google Scholar 

  6. Sourcefire: Snort: The Open Source Network Intrusion Detection System (2003), http://www.snort.org

  7. Hogwash Intrusion Detection System (2004), http://hogwash.sourceforge.net/

  8. Global Velocity (2004), http://www.globalvelocity.info/

  9. Clark, C.R., Schimmel, D.E.: Scalable Parallel Pattern Matching on High Speed Networks. In: The Twelfth Annual IEEE Symposium on Field Programmable Custom Computing Machines 2004, FCCM 2004 (2003)

    Google Scholar 

  10. Clark, C.R., Schimmel, D.E.: Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns. In: Y. K. Cheung, P., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  11. Cho, Y.H., Navab, S., Mangione-Smith, W.H.: Specialized Hardware for Deep Network Packet Filtering. In: Glesner, M., Zipf, P., Renovell, M. (eds.) FPL 2002. LNCS, vol. 2438, p. 452. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  12. Sourdis, I., Pnevmatikatos, D.: Fast, Large-Scale String Match for a 10Gbps FPGA-Based Network Intrusion Detection System. In: Y. K. Cheung, P., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  13. Baker, Z.K., Prasanna, V.K.: A Methodology for the Synthesis of Efficient Intrusion Detection Systems on FPGAs (2004) (accepted for publication at FCCM 2004)

    Google Scholar 

  14. Baker, Z.K., Prasanna, V.K.: Time and Area Efficient Pattern Matching on FPGAs. In: Proceedings of FPGA 2004 (2004)

    Google Scholar 

  15. Karypis, G., Aggarwal, R., Schloegel, K., Kumar, V., Shekhar, S.: METIS Family of Multilevel Partitioning Algorithms (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Southern California, Los Angeles, CA, USA

    Zachary K. Baker & Viktor K. Prasanna

Authors
  1. Zachary K. Baker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Viktor K. Prasanna
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. ITIV - Universitaet Karlsruhe (TH),  

    Jürgen Becker

  2. University of Paderborn,  

    Marco Platzner

  3. IMEC, Kapeldreef 75, Leuven, Leuven, Belgium

    Serge Vernalde

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Baker, Z.K., Prasanna, V.K. (2004). Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs. In: Becker, J., Platzner, M., Vernalde, S. (eds) Field Programmable Logic and Application. FPL 2004. Lecture Notes in Computer Science, vol 3203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30117-2_33

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30117-2_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22989-6

  • Online ISBN: 978-3-540-30117-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation