Skip to main content
SpringerLink
Log in

Efficient Logic Circuit for Network Intrusion Detection

  • Conference paper
Embedded and Ubiquitous Computing (EUC 2006)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 4096))

Included in the following conference series:

Abstract

A novel architecture for a hardware-based network intrusion detection system (NIDS) is presented in this paper. The system adopts an FPGA-based signature match co-processor as a core for the NIDS. The signature matcher is based on an algorithm that employs simple shift registers, or-gates, and ROMs in which patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of network intrusion detection.

This project is partially supported by the Center for Infrastructure Assurance and Security at UTSA and US Air Force under grant #26-0200-62.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. SNORT official web site, http://www.snort.org

  2. Ramirez, T., Lo, C.D.: Rule set decomposition for hardware network intrusion detection. In: The 2004 International Computer Symposium (ICS 2004) (2004)

    Google Scholar 

  3. Gokhale, M., Dubois, D., Dubois, A., Boorman, M., Poole, S., Hogsett, V.: Granidt: towards gigabit rate network intrusion detection technology. In: Proceedings of the International Conference on Field Programmable Logic and Application, pp. 404–413 (2002)

    Google Scholar 

  4. Hutchings, B.L., Franklin, R., Carver, D.: Assisting network intrusion detection with reconfigurable hardware. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 111–120 (2002)

    Google Scholar 

  5. Singaraju, J., Bu, L., Chandy, J.A.: A signature match processor architecture for network intrusion detection. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 235–242 (2005)

    Google Scholar 

  6. Sourdis, I., Pnevmatikatos, D.N.: Pre-decoded cams for efficient and high-speed nids pattern matching. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 258–267 (2004)

    Google Scholar 

  7. Moscola, J., Lockwood, J.W., Loui, R.P., Pachos, M.: Implementation of a content-scanning module for an internet firewall. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 31–38 (2003)

    Google Scholar 

  8. Baeza-Tates, R., Gonnet, G.: A new approach to text searching. Communications of the ACM 35, 74–82 (1992)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Graduate Institute of Computer Science and Information Engineering, National Taiwan Normal University, Taipei, 117, Taiwan

    Huang-Chun Roan & Wen-Jyi Hwang

  2. Department of Electronics Engineering, Ching Yun University, Chungli, 320, Taiwan

    Chien-Min Ou

  3. Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, 78249, USA

    Chia-Tien Dan Lo

Authors
  1. Huang-Chun Roan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chien-Min Ou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wen-Jyi Hwang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chia-Tien Dan Lo
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, The University of Texas at Dallas, 75083-0688, TX, USA

    Edwin Sha

  2. Department of Computer Engineering, Wonkwang University, Jeollabuk-do, 570-749, Iksan, Korea

    Sung-Kook Han

  3. Department of of Electrical and Computer Engg, Wayne State University, 48202, Detroit, Michigan, ox, USA

    Cheng-Zhong Xu

  4. Computer Science Department, Konkuk University, Seoul, Korea

    Moon-Hae Kim

  5. Department of Computer Science, St. Francis Xavier University, Antigonish, Canada

    Laurence T. Yang

  6. Department of Computing, Hong Kong Polytechnic University, Hong Kong

    Bin Xiao

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Roan, HC., Ou, CM., Hwang, WJ., Lo, CT.D. (2006). Efficient Logic Circuit for Network Intrusion Detection. In: Sha, E., Han, SK., Xu, CZ., Kim, MH., Yang, L.T., Xiao, B. (eds) Embedded and Ubiquitous Computing. EUC 2006. Lecture Notes in Computer Science, vol 4096. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11802167_78

Download citation

  • DOI: https://doi.org/10.1007/11802167_78

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36679-9

  • Online ISBN: 978-3-540-36681-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation