Bitwise optimised CAM for network intrusion detection systems

S. Yusuf, W. Luk
International Conference on Field Programmable Logic and Applications, 2005.  
String pattern matching is a computationally expensive task, and when implemented in hardware, it can consume a large amount of resources for processing and storage. This paper presents a novel technique, based on a tree-based content addressable memory structure, for a pattern matching engine for use in a hardware-based network intrusion detection system. This technique involves hardware sharing at bit level in order to exploit powerful logic optimisations for multiple strings represented as a boolean expression. Our approach has been used to implement the entire SNORT rule set with around 12% of the area on a Xilinx XC2V8000 FPGA. The design can run at a rate of approximately 2.5 Gigabits per second, and is approximately 30% smaller in area when compared with published results. The performance of our design can be improved further by having multiple designs operating in parallel.
doi:10.1109/fpl.2005.1515762 dblp:conf/fpl/YusufL05 fatcat:f4frrpm7pfdxzfnwtqcy6n7ncq