Design and Implementation of DPI Mechanism for NIDS on FPGA
Network intrusion detection systems have become intensive application for identifying malicious pattern. Pattern matching is the problem of finding all occurrences of a pattern in a text. Essential to NIDS is the inspecting packets. Now a day’s intrusion detection system plays an important role in network security. As the use of internet is increasing rapidly the possibility of attack is also increasing. People are using signature based IDS, snort is most widely used signature based IDS because of its open source software. In this paper our work concentrates on multi pattern signature and proposes a FPGA based deep packet inspection engine for NIDS.The system can support both dynamic and string pattern matching system. Multi pattern matching involves matching a data item against a large database of signature patterns. String matching is one of the most critical elements because it allows for the system to make decisions based on the actual content. The evaluation on real network environment shows that net FPGA can maintain gigabit line rate throughput without dropping packets.
Veena M P, Divya Prabha, Dr. M Z Kurian