A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs

Napa, California April 20-April 23

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/FCCM.2004.6

12th Annual IEEE Symposium on Field-P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Zachary K. Baker Articles by Viktor K. Prasanna

	ASCII Text	x
	Zachary K. Baker, Viktor K. Prasanna, "A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs," Field-Programmable Custom Computing Machines, Annual IEEE Symposium on, pp. 135-144, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'04), 2004.

	BibTex	x
	@article{ 10.1109/FCCM.2004.6, author = {Zachary K. Baker and Viktor K. Prasanna}, title = {A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs}, journal ={Field-Programmable Custom Computing Machines, Annual IEEE Symposium on}, volume = {0}, year = {2004}, isbn = {0-7695-2230-0}, pages = {135-144}, doi = {http://doi.ieeecomputersociety.org/10.1109/FCCM.2004.6}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Field-Programmable Custom Computing Machines, Annual IEEE Symposium on TI - A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs SN - 0-7695-2230-0 SP135 EP144 A1 - Zachary K. Baker, A1 - Viktor K. Prasanna, PY - 2004 KW - null VL - 0 JA - Field-Programmable Custom Computing Machines, Annual IEEE Symposium on ER -

Zachary K. Baker, University of Southern California, Los Angeles

Viktor K. Prasanna, University of Southern California, Los Angeles

Intrusion detection for network security is a computation intensive application demanding high system performance. System level design, a relatively unexplored field in this area, allows more efficient communication and extensive reuse of hardware components for dramatic increases in area-time performance. By applying optimization strategies to the entire database, we reduce hardware requirements compared to architectures designed with single pattern matchers in mind. We present a methodology for system-wide integration of graph-based partitioning of large intrusion detection pattern databases. Integrating ruleset-based graph creation and min-cut partitioning, our methodology allows efficient multi-byte comparisons and partial matches for high performance FPGA-based network security. Through pre-processing, this methodology yields designs with competitive clock frequencies that are a minimum of 8x more area efficient than previous non-predecoded shift-and-compare architectures.

Citation:

Zachary K. Baker, Viktor K. Prasanna, "A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs," fccm, pp.135-144, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.