{"title":"Pattern reduction and circuit design for hardware-supported network intrusion detection","authors":"T. Ramirez, C. Lo","doi":"10.1109/IAW.2005.1495992","DOIUrl":null,"url":null,"abstract":"There are many other works that attempt to speed up the NIDS Snort by improving the packet processing function. Most of the work has been focused on circuit design while attempts to reduce the rule sets have been limited. This paper shows how we are capable of reducing the amount of characters in a rule set to limit device utilization requirements. Our results show we can use 51% of the amount of logic to implement the full rule set for the NIDS Snort. Our design has also been shown to perform in a comparable manner as that of another approach that reduces rule sets for intrusion detection. It is as area efficient as the other work and the throughput is sufficient for the goal of monitoring a high-speed network. The area utilization is still within device constraints for our development platform. Also, depending upon the network's priorities, cost or performance, more devices can be used to implement faster pattern matching.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495992","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Many other works attempt to speed up the NIDS Snort by improving the packet processing function. Most of the work has focused on circuit design, while attempts to reduce the rule sets have been limited. This paper shows how we can reduce the number of characters in a rule set to limit device utilization requirements. Our results show that we can implement the full rule set for the NIDS Snort using 51% of the amount of logic. Our design has also been shown to perform comparably to another approach that reduces rule sets for intrusion detection. It is as area efficient as the other work, and the throughput is sufficient for the goal of monitoring a high-speed network. The area utilization is still within device constraints for our development platform. Also, depending upon the network's priorities, cost or performance, more devices can be used to implement faster pattern matching.