Skip to main content

FPGA-based High Throughput Regular Expression Pattern Matching for Network Intrusion Detection Systems

Modi, Bala (2015) FPGA-based High Throughput Regular Expression Pattern Matching for Network Intrusion Detection Systems. Doctor of Philosophy (PhD) thesis, University of Kent,.

PDF
Download (4MB) Preview
[img]
Preview

Abstract

Network speeds and bandwidths have improved over time. However, the frequency of network attacks and illegal accesses have also increased as the network speeds and bandwidths improved over time. Such attacks are capable of compromising the privacy and confidentiality of network resources belonging to even the most secure networks. Currently, general-purpose processor based software solutions used for detecting network attacks have become inadequate in coping with the current network speeds. Hardware-based platforms are designed to cope with the rising network speeds measured in several gigabits per seconds (Gbps). Such hardware-based platforms are capable of detecting several attacks at once, and a good candidate is the Field-programmable Gate Array (FPGA). The FPGA is a hardware platform that can be used to perform deep packet inspection of network packet contents at high speed. As such, this thesis focused on studying designs that were implemented with Field-programmable Gate Arrays (FPGAs). Furthermore, all the FPGA-based designs studied in this thesis have attempted to sustain a more steady growth in throughput and throughput efficiency. Throughput efficiency is defined as the concurrent throughput of a regular expression matching engine circuit divided by the average number of look up tables (LUTs) utilised by each state of the engine"s automata. The implemented FPGA-based design was built upon the concept of equivalence classification. The concept helped to reduce the overall table size of the inputs needed to drive the various Nondeterministic Finite Automata (NFA) matching engines. Compared with other approaches, the design sustained a throughput of up to 11.48 Gbps, and recorded an overall reduction in the number of pattern matching engines required by up to 75%. Also, the overall memory required by the design was reduced by about 90% when synthesised on the target FPGA platform.

Item Type: Thesis (Doctor of Philosophy (PhD))
Thesis advisor: Tripp, Gerald
Uncontrolled keywords: FPGA Regular Expression Equivalence Classification LUTs Throughput Throughput Efficiency XST BRAMS ECDs ECDRTS-NFA ECD-NFA
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Faculties > Sciences > School of Computing
Depositing User: Users 1 not found.
Date Deposited: 27 Jul 2016 15:00 UTC
Last Modified: 29 May 2019 17:40 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/56664 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year