Abstract
We describe a novel application of reconfigurable computing to the problem of computer network security. By filtering network packets with customized logic circuits, we can search headers as well as packet content for specific signatures at Gigabit Ethernet line rate. Input to our system is a set of filter rule descriptions in the format of the public domain “snort” databases. These descriptions are used by the hardware circuits on two Xilinx Virtex 1000 FPGAs on a SLAAC1V [9]board. Packets are read from a Gigabit Ethernet interface card, the GRIP [8], and flow directly through the packet filtering circuits. A vector describing matching packet headers and content are returned to the host program, which relates matches back to the rule database, so that logs or alerts can be generated. The hardware runs at 66 MHz with 32-bit data, giving an effective line rate of 2 Gb/s. The granidt combination software/hardware runs at 24.9X the speed of snort 1.8.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
William Cheswick and Steven Bellovin. Firewalls and Internet Security. Addison-Wesley, 1994.
R. Franklin et al. Assisting network intrusion detection with reconfigurable hardware. IEEE FCCM 2002, 2002.
Joshua W. Haines, Richard P. Lippmann, David J. Fried, et al. 1999 darpa intrusion detection system evaluation: Design and procedures. MIT Lincoln Laboratory Technical Report, 2001.
Steven McCanne and Van Jacobson. The BSD packet filter: A new architecture for user-level packet capture. In USENIX Winter, pages 259–270, 1993.
J. McHenry et al. An fpga-based co-processor for atm firewalls. IEEE FCCM 2002, 1997.
IntruVert Networks. http://www.intruvert.com. 2002.
Martin Roesch. Snort: The open source network intrusion detection system. http://www.snort.org, 2002.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gokhale, M., Dubois, D., Dubois, A., Boorman, M., Poole, S., Hogsett, V. (2002). Granidt: Towards Gigabit Rate Network Intrusion Detection Technology. In: Glesner, M., Zipf, P., Renovell, M. (eds) Field-Programmable Logic and Applications: Reconfigurable Computing Is Going Mainstream. FPL 2002. Lecture Notes in Computer Science, vol 2438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46117-5_43
Download citation
DOI: https://doi.org/10.1007/3-540-46117-5_43
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44108-3
Online ISBN: 978-3-540-46117-3
eBook Packages: Springer Book Archive