Young H Cho, William H Mangione-Smith
First IBM Watson P=ac2 Conference, Yorktown, NY
Damage caused by the recent series of application-level network attacks clearly indicates an immediate need for increased security. Most of these attacks can be more accurately detected by a technique termed Deep Packet Inspection. Deep packet inspection not only examines the packet header, but also looks through the entire payload, searching for all of the user-specified patterns. Payload pattern search is an expensive process, especially when the set of patterns is large. Current solutions employ software filtering systems that are not practical for bandwidth beyond 100 Mbps. For example, one of the most widely used intrusion detection systems, Snort, configured with 845 patterns can sustain a throughput of only 50 Mbps running on a dual 1-GHz Pentium III system. The bottleneck of such a system is the dynamic pattern search. Therefore, we implement a fast dynamic pattern search engine on a field-programmable gate array. Our system filters and identifies all 1,625 unique patterns defined in the most current version of the Snort rule set. This system is mapped onto a single 400k Xilinx Spartan 3 FPGA-XC3S400 with a filtering rate of 1.6 Gbps.
YH Cho, WH Mangione-Smith - First IBM Watson P=ac2 Conference, Yorktown, NY, 2004