High Throughput Signature Based Platform for Network Intrusion Detection

  • José Manuel Bande Serrano
  • José Hernández Palancar
  • René Cumplido
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8259)


In this work we propose the intensive use of embedded memory blocks and logic blocks of the FPGA device for signature matching. In our approach we arrange signatures in memory arrays (MA) of embedded memory blocks, so that every signature is matched in one clock cycle. The matching logic is shared among all the signatures in one MA. In addition, we propose a character recodification method that allows memory bits savings, leading to a low byte/character cost. For fast memory addressing we employ the unique substring detection, in doing so we process four bytes per clock cycle while hardware replication is significantly reduced.


NIDS string matching content scanning FPGA unique substrings 


  1. 1.
    Endorf, C., Schultz, E., Mellander, J.: Intrusion detection and prevention. Mc-Graw-Hill (2004)Google Scholar
  2. 2.
    Ghorbani, A., Lu, W., Tavallaee, M.: Network intrusion detection and prevention: concepts and techniques, vol. 47. Springer (2010)Google Scholar
  3. 3.
    Baker, Z.K., Prasanna, V.K.: Automatic synthesis of efficient intrusion detection systems on fpgas. IEEE Trans. Dependable Secur. Comput. 3(4), 289–300 (2006)CrossRefGoogle Scholar
  4. 4.
    Hwang, W.J., Ou, C.M., Shih, Y.-N., Lo, C.T.D.: High throughput and low area cost fpga-based signature match circuit for network intrusion detection. Journal of the Chinese Institute of Engineers 32(3), 397–405 (2009)CrossRefGoogle Scholar
  5. 5.
    Kennedy, A., Wang, X., Liu, Z., Liu, B.: Ultra-high throughput string matching for deep packet inspection. In: Proceedings of the Conference on Design, Automation and Test in Europe, DATE 2010, pp. 399–404 (2010)Google Scholar
  6. 6.
    Lin, C.-H., Chang, S.-C.: Efficient pattern matching algorithm for memory architecture. IEEE Trans. Very Large Scale Integr. Syst. 19(1), 33–41 (2011)CrossRefGoogle Scholar
  7. 7.
    Guinde, N.B., Ziavras, S.G.: Efficient hardware support for pattern matching in network intrusion detection. Computers & Security 29(7), 756–769 (2010)CrossRefGoogle Scholar
  8. 8.
    Prasanna, V.K., Le, H.: A Memory-Efficient and Modular Approach for Large-Scale String Pattern Matching. IEEE Transactions on Computers 62(5), 844–857 (2013)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Serrano, J.M.B., Palancar, J.H.: String alignment pre-detection using unique subsequences for FPGA-based network intrusion detection. Computer Communications 35(6), 720–728 (2012)CrossRefGoogle Scholar
  10. 10.
    Serrano, J.M.B., Palancar, J.H., Cumplido, R.: Multi-character cost-effective and high throughput architecture for content scanning. In: Microprocessors and Microsystems (in press, 2013) (accepted manuscript), available online August 22:
  11. 11.
    Wang, H., Pu, S., Knezek, G., Liu, J.-C.: MIN-MAX: A Counter-Based Algorithm for Regular Expression Matching. IEEE Transactions on Parallel and Distributed Systems 24(1), 92–103 (2013)CrossRefGoogle Scholar
  12. 12.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • José Manuel Bande Serrano
    • 1
  • José Hernández Palancar
    • 1
  • René Cumplido
    • 2
  1. 1.Advanced Technologies Application CenterHavanaCuba
  2. 2.Instituto Nacional de Astrofísica Optica y ElectrónicaPueblaMéxico

Personalised recommendations