Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs
October-December 2006 (vol. 3 no. 4)
pp. 289-300
This paper presents a methodology and a tool for automatic synthesis of highly efficient intrusion detection systems using a high-level, graph-based partitioning methodology and tree-based lookahead architectures. Intrusion detection for network security is a compute-intensive application demanding high system performance. The tools implement and automate a customizable flow for the creation of efficient Field Programmable Gate Array (FPGA) architectures using system-level optimizations. Our methodology allows for customized performance through more efficient communication and extensive reuse of hardware components for dramatic increases in area-time performance.

Index Terms:
Intrusion detection, graph algorithms, partitioning, performance, FPGA design.
Citation:
Zachary K. Baker, Viktor K. Prasanna, "Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs," IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 4, pp. 289-300, Oct.-Dec. 2006, doi:10.1109/TDSC.2006.44