Flexible Software-Hardware Network Intrusion Detection System

Ryan B. Proudfoot, K. Kent, E. Aubanel, Nan Chen
2008 The 19th IEEE/IFIP International Symposium on Rapid System Prototyping, published 2008-06-02. DOI: 10.1109/RSP.2008.11 (https://doi.org/10.1109/RSP.2008.11)
Citations: 4

Abstract

Network intrusion detection system (NIDS) demands have been steadily increasing over the past few years. Current software solutions become inefficient on high-speed, high-volume networks and end up dropping packets. Hardware solutions are available and result in much higher efficiency but present problems such as flexibility and cost. Our proposed system uses a modified version of Snort, a robust, widely deployed open-source NIDS. Snort spends a significant fraction of its processing time doing pattern matching. Our proposed system runs Snort in software until it gets to the pattern matching function and then offloads that processing to the field programmable gate array (FPGA). The hardware is able to process data at up to 1.7 GB/s on one Xilinx XC2VP100 FPGA. Our system is more flexible than other FPGA string matching designs in that the rules are not hard-coded. The design is scalable and allows FPGAs to be used in parallel to increase the processing speed even further.