Traffic-aware Design of a High Speed FPGA Network Intrusion Detection System

Security of today's networks heavily relies on Network Intrusion Detection Systems (NIDSs). The ability to promptly update the supported rule sets and detect new emerging attacks makes Field Programmable Gate Arrays (FPGAs) a very appealing technology. An important issue is how to scale FPGA-based NIDS implementations to ever faster network links. Whereas a trivial approach is to balance traffic over multiple, but functionally equivalent, hardware blocks, each implementing the whole rule set (several thousand rules), the obvious cons is the linear increase in the resource occupation.

Provided by: University of Rochester Topic: Security Date Added: May 2012 Format: PDF

Find By Topic