NCSU Libraries

Title page for ETD etd-12072006-052347


Type of Document Dissertation
Author Aldwairi, Monther
Author's Email Address montherdwairi@hotmail.com
URN etd-12072006-052347
Title Hardware Efficient Pattern Matching Algorithms and Architectures for Fast Intrusion Detection.
Degree PhD
Graduate Program Computer Engineering
Advisory Committee
Advisor Name Title
Dr Paul Franzon Committee Chair
Keywords
  • Digital ASIC Design
  • Network Processors
  • Network Security
  • String Matching
  • FPGA
  • Hardware Algorithms
  • Compression Algorithms
  • Pattern Matching
  • Snort
  • Intrusion Detection Systems
Date of Defense 2006-10-12
Availability unrestricted
Abstract
Intrusion detection processors are becoming a predominant feature in the field of network hardware. As demand for network speed increases and new network protocols emerge, network intrusion detection systems are increasing in importance and are being integrated in network processors. Currently, most intrusion detection systems are software running on a general purpose processor. Unfortunately, it is becoming increasingly difficult for software-based intrusion detection systems to keep up with increasing network speeds (OC192 and 10 Gbps at backbone networks).

Signature-based intrusion detection systems monitor network traffic for security threats by scanning packet payloads for attack signatures. Intrusion detection systems have to run at wire speed and need to be configurable to protect against emerging attacks. This dissertation describes the concept, structure and algorithms for a special purpose hardware accelerator designed to meet those demands. We consider the problem of string matching, which is the most computationally intensive task in intrusion detection. A configurable string matching accelerator is developed with the focus on increasing throughput while maintaining the configurability provided by the software intrusion detection systems. A hardware algorithm for efficient data storage and fast retrieval is used to compress, store and retrieve attack signatures. Our algorithms reduce the size of the rules to fit on chip and enable intrusion detection to run at line rates and faster.

Files
  Filename: etd.pdf
  Size: 768.47 Kb
  Approximate Download Time (Hours:Minutes:Seconds):
    28.8 Modem            00:03:33
    56K Modem             00:01:49
    ISDN (64 Kb)          00:01:36
    ISDN (128 Kb)         00:00:48
    Higher-speed Access   00:00:04