Network intrusion detection based on shift-OR circuit

Huang Chun Roan, Wen Jyi Hwang, Wei Jhih Huang, Chia Tien Dan Lo

Research output: Contribution to journalArticle

Abstract

This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The key feature of the signature match co-processor is an architecture based on the shift-or algorithm, which employs simple shift registers, or-gates, and ROMs where patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems.

Original languageEnglish
Pages (from-to)1229-1239
Number of pages11
JournalJournal of Information Science and Engineering
Volume24
Issue number4
Publication statusPublished - 2008 Jul 1

Fingerprint

Intrusion detection
Field programmable gate arrays (FPGA)
Hardware
Shift registers
ROM
hardware
Networks (circuits)
Throughput
resources
Coprocessor

Keywords

  • FPGA implementation
  • Network intrusion detection system
  • Pattern matching
  • Shift-or algorithm
  • String searching

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Hardware and Architecture
  • Library and Information Sciences
  • Computational Theory and Mathematics

Cite this

Network intrusion detection based on shift-OR circuit. / Roan, Huang Chun; Hwang, Wen Jyi; Huang, Wei Jhih; Lo, Chia Tien Dan.

In: Journal of Information Science and Engineering, Vol. 24, No. 4, 01.07.2008, p. 1229-1239.

Research output: Contribution to journalArticle

Roan, Huang Chun ; Hwang, Wen Jyi ; Huang, Wei Jhih ; Lo, Chia Tien Dan. / Network intrusion detection based on shift-OR circuit. In: Journal of Information Science and Engineering. 2008 ; Vol. 24, No. 4. pp. 1229-1239.
@article{50f26b7f38a74e9cb04a0e1df6fee04f,
title = "Network intrusion detection based on shift-OR circuit",
abstract = "This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The key feature of the signature match co-processor is an architecture based on the shift-or algorithm, which employs simple shift registers, or-gates, and ROMs where patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems.",
keywords = "FPGA implementation, Network intrusion detection system, Pattern matching, Shift-or algorithm, String searching",
author = "Roan, {Huang Chun} and Hwang, {Wen Jyi} and Huang, {Wei Jhih} and Lo, {Chia Tien Dan}",
year = "2008",
month = "7",
day = "1",
language = "English",
volume = "24",
pages = "1229--1239",
journal = "Journal of Information Science and Engineering",
issn = "1016-2364",
publisher = "Institute of Information Science",
number = "4",

}

TY - JOUR

T1 - Network intrusion detection based on shift-OR circuit

AU - Roan, Huang Chun

AU - Hwang, Wen Jyi

AU - Huang, Wei Jhih

AU - Lo, Chia Tien Dan

PY - 2008/7/1

Y1 - 2008/7/1

N2 - This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The key feature of the signature match co-processor is an architecture based on the shift-or algorithm, which employs simple shift registers, or-gates, and ROMs where patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems.

AB - This paper introduces a novel FPGA-based signature match co-processor that can serve as the core of a hardware-based network intrusion detection system (NIDS). The key feature of the signature match co-processor is an architecture based on the shift-or algorithm, which employs simple shift registers, or-gates, and ROMs where patterns are stored. As compared with related work, experimental results show that the proposed work achieves higher throughput and less hardware resource in the FPGA implementations of NIDS systems.

KW - FPGA implementation

KW - Network intrusion detection system

KW - Pattern matching

KW - Shift-or algorithm

KW - String searching

UR - http://www.scopus.com/inward/record.url?scp=48849102716&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=48849102716&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:48849102716

VL - 24

SP - 1229

EP - 1239

JO - Journal of Information Science and Engineering

JF - Journal of Information Science and Engineering

SN - 1016-2364

IS - 4

ER -