FPGA Based Network Security architecture for High Speed Networks

More documents

Recommendations

Info

5.2 Basic Idea and Related work and the basic ideas of NIDS which is followed by our proposed string matching algorithm using Bloom filters. Two scenarios are further discussed on the con- text of the length of the input packet and the multiple length patterns. Finally the implementation details and analysis are discussed which is followed by the conclusion. 5.2 Basic Idea and Related work In this section, the basic idea and architecture for a typical Network Intrusion Detection System is discussed followed by the previous implementations. 5.2.1 NIDS and Multiple pattern matching As discussed before, a NIDS is simply a software application or a specialized hardware which monitors the network packets for malicious activities. It maintains a database of fixed or variable sized patterns which are searched against an input data packet. A basic architecture for a NIDS is given in Figure 5.1. At the top level, it works as an alarm in the network but at the core , it is computationally challenging as it requires deep packet inspection and that too in network speed. For a high speed network, deep packet inspection signifies that every byte of every packet must be searched for multiple patterns. So in a nutshell, the operation is nothing but a multiple pattern matching algorithm. Figure 5.1: Basic Architecture for Signature based NIDS Scanning or monitoring a packet in a network involves both header as well as payload analysis of the packet. The overhead for the header analysis is much less 41
5.2 Basic Idea and Related work than the payload analysis and the header size is fixed unlike the packet payload. String Matching Engine: The Multi-Pattern matching problem: One of the vital module for a Network based Intrusion detection System is a marching engine whose task is to find the presence of multiple strings or patterns in a given packet payload. In a multi-pattern matching problem, we are given a set of strings S = {
Page 1 and 2: FPGA Based Network Security archite
Page 3 and 4: Department of Computer Science and
Page 5 and 6: Abstract Cryptography and Network S
Page 7 and 8: 3.5 Complexity of the proposed mult
Page 9 and 10: List of Tables 3.1 Device utilizati
Page 11 and 12: Chapter 1 Introduction In the field
Page 13 and 14: 1.2 Problem Statement cannot guaran
Page 15 and 16: 1.4 Thesis Organization from the mo
Page 17 and 18: Chapter 2 Background 2.1 Introducti
Page 19 and 20: 2.3 Related Work transform step pro
Page 21 and 22: 2.3 Related Work put rate and the a
Page 23 and 24: 2.3 Related Work was needed to mana
Page 25 and 26: • High degree of fine grain paral
Page 27 and 28: 2.4 Conclusion efficient VLSI imple
Page 29 and 30: Chapter 3 Modulo (2 16 + 1) multipl
Page 31 and 32: 3.3 Algorithm for the proposed mult
Page 33 and 34: 3.3 Algorithm for the proposed mult
Page 35 and 36: 3.4 Proposed multiplier architectur
Page 37 and 38: or
Page 39 and 40: Design and Implementation of IDEA I
Page 41 and 42: 4.2 Design and Architecture using p
Page 43 and 44: 4.3 Result and comparison with othe
Page 45 and 46: 4.4 Conclusion Table 4.1: Compariso
Page 47 and 48: FPGA based string matching for NIDS
Page 49: 5.1 Introduction are primarily focu
Page 53 and 54: filter is described in subsequent s
Page 55 and 56: 5.3 Proposed Design matching module
Page 57 and 58: 5.4.1 Implementation Constraints 5.
Page 59 and 60: Figure 5.6: Large Bloom Filter usin
Page 61 and 62: Figure 5.8: Timing Summary for Hash
Page 63 and 64: 5.5 Conclusion to in line speed. In
Page 65 and 66: Chapter 6 Conclusion and Future Wor
Page 67 and 68: Bibliography [8] A.V. Curiger, H. B
Page 69 and 70: Bibliography [25] M. Thaduri, S.-M.
Page 71 and 72: Bibliography [43] Sarang Dharmapuri

FPGA Based Network Security architecture for High Speed Networks

Create successful ePaper yourself

Delete template?

Save as template?