Outreach Programs

Education Programs Technology Outreach Program International Programs Distinguished Lecturer Series International Center for Materials Research MRL Diversity Fellowship MRL Travel Fellowship

Intern: Brett Brotherton, Computer Engineering, University of California, Riverside Mentor: Tim Sherwood Faculty Supervisor: Tim Sherwood Department: Department of Computer Science

A HIGH THROUGHPUT STRING MATCHING ARCHITECTURE FOR INTRUSION DETECTION AND PREVENTION

Computer networks have become and integral part of our economy and daily lives, and ensuring that they are safe from intrusion is a top priority. The backbone of most modern intrusion detection systems is usually a string-matching algorithm. In order to detect an attack, the information coming through the network is matched up against strings that represent characteristics of an attack. To keep up with increasing network speeds we need to be able to match thousands of strings at a rate of around 10 billion bits/second, which is why we have developed a new architecture to perform the high speed string matching. The design breaks up the strings into many small state machines, which search for a portion of the rule. Dividing the rules saves space, which means the hardware can run faster, and is small enough to fit on chip. This robust architecture has the capability of being updated while it is running, while most of the currently known methods do not. Also, it is 10 times more efficient than the currently best-known methods. We are using an FPGA to develop a fully functional prototype that we can drop into the network for testing.

Return to the RISE 2005 project list