Skip to main content
Kent Academic Repository

FPGA-based High Throughput Regular Expression Pattern Matching for Network Intrusion Detection Systems

Modi, Bala (2015) FPGA-based High Throughput Regular Expression Pattern Matching for Network Intrusion Detection Systems. Doctor of Philosophy (PhD) thesis, University of Kent,. (KAR id:56664)

PDF
Language: English
Download this file
(PDF/6MB)
[thumbnail of 160Mr. B.MODI 10902187.pdf]
Preview

Abstract

Network speeds and bandwidths have improved over time. However, the frequency of network attacks and illegal accesses have also increased as the network speeds and bandwidths improved over time. Such attacks are capable of compromising the privacy and confidentiality of network resources belonging to even the most secure networks. Currently, general-purpose processor based software solutions used for detecting network attacks have become inadequate in coping with the current network speeds. Hardware-based platforms are designed to cope with the rising network speeds measured in several gigabits per seconds (Gbps). Such hardware-based platforms are capable of detecting several attacks at once, and a good candidate is the Field-programmable Gate Array (FPGA). The FPGA is a hardware platform that can be used to perform deep packet inspection of network packet contents at high speed. As such, this thesis focused on studying designs that were implemented with Field-programmable Gate Arrays (FPGAs). Furthermore, all the FPGA-based designs studied in this thesis have attempted to sustain a more steady growth in throughput and throughput efficiency. Throughput efficiency is defined as the concurrent throughput of a regular expression matching engine circuit divided by the average number of look up tables (LUTs) utilised by each state of the engine"s automata. The implemented FPGA-based design was built upon the concept of equivalence classification. The concept helped to reduce the overall table size of the inputs needed to drive the various Nondeterministic Finite Automata (NFA) matching engines. Compared with other approaches, the design sustained a throughput of up to 11.48 Gbps, and recorded an overall reduction in the number of pattern matching engines required by up to 75%. Also, the overall memory required by the design was reduced by about 90% when synthesised on the target FPGA platform.

Item Type: Thesis (Doctor of Philosophy (PhD))
Thesis advisor: Tripp, Gerald
Uncontrolled keywords: FPGA Regular Expression Equivalence Classification LUTs Throughput Throughput Efficiency XST BRAMS ECDs ECDRTS-NFA ECD-NFA
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Funders: [37325] UNSPECIFIED
Depositing User: Users 1 not found.
Date Deposited: 27 Jul 2016 15:00 UTC
Last Modified: 05 Nov 2024 10:46 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/56664 (The current URI for this page, for reference purposes)

University of Kent Author Information

Modi, Bala.

Creator's ORCID:
CReDIT Contributor Roles:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.