抄録
This paper proposes a high-throughput intrusion detection system (IDS) with a bloom filter-based header comparison and parallel pattern matching for the packet content. The parallel pattern matching is a two parallel sequence comparison architecture that compares the packet content with the Snort rules. The proposed hardware IDS not only performs high throughput, but also reduces the rules memory size. As shown in post-layout simulation of the implemented application-specific integrated circuit (ASIC), the speed reaches 453MHz that performs 7.2Gbps system throughput to deal with the traffic requirement of edge speed in end user network. With 8MB off-chip SRAM, the system supports 4,020 Snort rules that the pattern number is enough for intruder signature.
