HNPC: Hardware Network Packet Classifier for High Speed ‎Intrusion Detection Systems

Author(s) Nekoo Rafiei Karkvandi | Hassan Asgharian | Amir Kusedghi | Ahmad Akbari
Pages 150-160
Volume 4
Issue 3
Date March, 2014
Keywords intrusion detection, packet classification, hardware implementation, filter sets, port number


Increasing speed and bandwidth of network traffic, and the existence of related attacks, require an intrusion detection system to work in real time. Packet classification is an integral part of a full-featured Network Intrusion Detection System. Software solutions exist for the packet classification problem, but their performance is not sufficient for wire-speed processing in high-speed networks. In this paper a hardware solution is proposed to extract the packet features and process the packets for high-throughput intrusion detection systems. In packet classification, matching packets against a set of predefined rules causes extreme performance degradation as the number of rules increases. We propose two heuristic algorithms: one for fast search of a port number within a range, and one for searching an IP address with mask values. According to the achieved results, the designed system is able to work with 10,000 different rules at a 100 MHz clock, which shows that our proposed system can operate at a link rate of 32 Gbps. The proposed algorithm has been tested with standard benchmarks, simulated in ModelSim 6.5, and further implemented on the FPGA device xc5vlx110t-3ff1136 using Xilinx ISE 13.2 software.
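To make the classification problem in the abstract concrete, the following added example (not code from the paper or its authors) is a minimal software packet classifier over a 5-tuple filter set. Rules carry masked IPv4 addresses and inclusive port ranges, as the abstract describes, and the packet is checked against the rules in order until the first match. This is the plain linear search whose cost grows with the rule count, i.e. the scaling problem the paper's hardware design targets; the paper's own two heuristic algorithms are not described on this page and are not reproduced here. All addresses, rules and packets are constructed, and the `compared` counter is an addition for showing how many rules a lookup touched.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One classification rule: masked source/destination IPv4 addresses,
 * an optional protocol, and inclusive source/destination port ranges. */
typedef struct {
    uint32_t src_ip, src_mask;   /* address matches when (ip & mask) == (src_ip & mask) */
    uint32_t dst_ip, dst_mask;
    uint8_t  proto;              /* 0 = any protocol */
    uint16_t sport_lo, sport_hi; /* inclusive port ranges */
    uint16_t dport_lo, dport_hi;
    int      id;                 /* rule id returned on match */
} rule_t;

/* The packet header fields the classifier looks at (extracted features). */
typedef struct {
    uint32_t src_ip, dst_ip;
    uint8_t  proto;
    uint16_t sport, dport;
} packet_t;

/* Build a host-order IPv4 address from dotted octets. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

static int match_masked(uint32_t ip, uint32_t rule_ip, uint32_t mask) {
    return (ip & mask) == (rule_ip & mask);
}

static int match_range(uint16_t port, uint16_t lo, uint16_t hi) {
    return port >= lo && port <= hi;
}

/* First-match linear search. Returns the id of the first rule every field
 * of which matches the packet, or -1 if none does. Optionally reports how
 * many rules were examined: for a miss this is always n, which is why a
 * flat scan does not scale to large filter sets. */
int classify(const packet_t *p, const rule_t *rules, size_t n, size_t *compared) {
    for (size_t i = 0; i < n; i++) {
        const rule_t *r = &rules[i];
        if (match_masked(p->src_ip, r->src_ip, r->src_mask) &&
            match_masked(p->dst_ip, r->dst_ip, r->dst_mask) &&
            (r->proto == 0 || r->proto == p->proto) &&
            match_range(p->sport, r->sport_lo, r->sport_hi) &&
            match_range(p->dport, r->dport_lo, r->dport_hi)) {
            if (compared) *compared = i + 1;
            return r->id;
        }
    }
    if (compared) *compared = n;
    return -1;
}

/* Constructed filter set with hypothetical addresses (not from the paper). */
static const rule_t sample_rules[] = {
    /* id 1: TCP from anywhere to 10.0.0.0/8, destination port 22 */
    { 0, 0, IP4(10,0,0,0), 0xFF000000u, 6, 0, 65535, 22, 22, 1 },
    /* id 2: UDP from 192.168.1.0/24 to anywhere, destination ports 1024-65535 */
    { IP4(192,168,1,0), 0xFFFFFF00u, 0, 0, 17, 0, 65535, 1024, 65535, 2 },
    /* id 3: any protocol, any source, destination host 10.1.2.3/32, any ports */
    { 0, 0, IP4(10,1,2,3), 0xFFFFFFFFu, 0, 0, 65535, 0, 65535, 3 },
};
#define SAMPLE_RULE_COUNT (sizeof(sample_rules) / sizeof(sample_rules[0]))

/* Convenience wrapper: classify a packet against the constructed rule set. */
int classify_sample(uint32_t src, uint32_t dst, uint8_t proto,
                    uint16_t sport, uint16_t dport, size_t *compared) {
    packet_t p = { src, dst, proto, sport, dport };
    return classify(&p, sample_rules, SAMPLE_RULE_COUNT, compared);
}

int main(void) {
    size_t n;
    int id = classify_sample(IP4(1,2,3,4), IP4(10,1,2,3), 6, 40000, 22, &n);
    printf("TCP 1.2.3.4:40000 -> 10.1.2.3:22  rule %d after %zu comparisons\n", id, n);
    id = classify_sample(IP4(192,168,1,7), IP4(8,8,8,8), 17, 5000, 53, &n);
    printf("UDP 192.168.1.7:5000 -> 8.8.8.8:53  rule %d after %zu comparisons\n", id, n);
    return 0;
}
```

Each lookup is O(number of rules) per packet here; at 10,000 rules, which the abstract reports the hardware handles at a 100 MHz clock, a sequential software scan like this is exactly what falls behind wire speed.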

