FPGA-Based SoC for Real-Time Network Intrusion Detection Using Counting Bloom Filters

Download Now Free registration required

Executive Summary

Computers face an ever increasing number of threats from hackers, viruses and other malware; effective Network Intrusion Detection (NID) before a threat affects end-user machines is critical for both financial and national security. As the number of threats and network speeds increase (over 1 gigabit/sec), users of conventional software based NID methods must choose between protection or higher data rates. To address this shortcoming, the paper has designed a hardware-based NID system-on-a-chip using data structures called Counting Bloom Filters (CBFs). The design has extremely high throughput (up to 3.3 gigabits/sec) and can successfully detect and mitigate known threats, and is, to one's knowledge, the only known CBF based NID system-on-a-chip to be implemented on a Virtex 4 FPGA.

  • Format: PDF
  • Size: 992.9 KB