Article

Efficient packet classification for network intrusion detection using FPGA

Authors:

John W. LockwoodAuthors Info & Claims

FPGA '05: Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays

Pages 238 - 245

https://doi.org/10.1145/1046192.1046223

Published: 20 February 2005 Publication History

Abstract

Using FPGA technology for real-time network intrusion detection has gained many research efforts recently. In this paper, a novel packet classification architecture called BV-TCAM is presented, which is implemented for an FPGA-based Network Intrusion Detection System (NIDS). The classifier can report multiple matches at gigabit per second network link rates. The BV-TCAM architecture combines the Ternary Content Addressable Memory (TCAM) and the Bit Vector (BV) algorithm to effectively compress the data representations and boost throughput. A tree-bitmap implementation of the BV algorithm is used for source and destination port lookup while a TCAM performs the lookup of the other header fields, which can be represented as a prefix or exact value. The architecture eliminates the requirement for prefix expansion of port ranges. With the aid of a small embedded TCAM, packet classification can be implemented in a relatively small part of the available logic of an FPGA. The design is prototyped and evaluated in a Xilinx FPGA XCV2000E on the FPX platform. Even with the most difficult set of rules and packet inputs, the circuit is fast enough to sustain OC48 traffic throughput. Using larger and faster FPGAs, the system can work at speeds greater than OC192.

References

[1]

Snort -The Open Source Network Intrusion Detection System. In http://www.snort.org.

[2]

F. Baboescu and G. Varghese. Scalable Packet Classification. In ACM Sigcomm, San Diego, CA, Aug. 2001.

Digital Library

[3]

Z. Baker and V. Prasanna. Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs. In Proceedings of FPL'04, 2004.

Digital Library

[4]

Z. Baker and V. Prasanna. Time and Area Efficient Pattern Matching on FPGAs. In Proceedings of FPGA'04, 2004.

Digital Library

[5]

Y. Cho and W. Mangione-Smith. Deep Packet Filter with Dedicated Logic and Read Only Memories. In Proceedings of IEEE FCCM'04, 2004.

Digital Library

[6]

C. Clark and D. Schimmel. Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns. In Proceedings of FPL'03, 2003.

[7]

B. L. Hutchings, R. Franklin, and D. Carver. Assisting Network Intrusion Detection with Reconfigurable Hardware. In Proceedings of IEEE FCCM'02, 2002.

Digital Library

[8]

T. V. Lakshman and D. Stiliadis. High-Speed Policy-based Packet Forwarding using Efficient Multi-dimensional Range Matching. In ACM Sigcomm, Sept. 1998.

Digital Library

[9]

T. Lee, S. Yusuf, W. Luk, M. Sloman, E. Lupu, and N. Dulay. Irregular Reconfiguration CAM Structures for Firewall Application. In Proceedings of FPL'03, 2003.

[10]

H. Liu. Efficient Mapping of Range Classifier into Ternary-CAM. In IEEE Symposium on High Performance Interconnects (HotI), Stanford, CA, Aug. 2002.

Digital Library

[11]

J. V. Lunteren and T. Engbersen. Fast and Scalable Packet Classification.IEEE Journal on Selected Areas in Communications, 21:560--570, May 2003.

Digital Library

[12]

M. Roesc . SNORT - lightweight intrusion detection for networks. In 13th Systems Administration Conference, 1999.

Digital Library

[13]

I. Sourdis and D. Pnevmatikatos. A Methodology for the Synthesis of Efficient Intrusion Detection Systems on FPGAs. In Proceedings of FCCM'04, 2004.

Digital Library

[14]

E. Spitznagel, D. Taylor, and J. Turner. Packet Classification using Extended TCAMs. In IEEE International Conference on Network Protocols (ICNP), 2003.

Digital Library

[15]

V. Srinivasan and G. Varghese. Faster IP Lookups using Controlled Prefix Expansion. In SIGMETRICS, 1998.

Digital Library

[16]

D. Taylor. Survey and Taxonomy of Packet Classification Techniques. Tech. Report WUCSE-2004-24, Department of CSE, Washington University in St.Louis, 2004.

[17]

D. Taylor, J. Turner, J. Lockwood, T. Sproull, and D. Parlour. Scalable IP Lookup for Internet Routers. IEEE Journal on Selected Areas in Communications, 21:522--534, May 2003.

Digital Library

[18]

W. N. Eatherton. Hardware-Based Internet Protocol Prefix Lookups. Master Thesis, Washington University in St.Louis, http://www.arl.wustl.edu/, 1999.

[19]

Xilinx. Contend-Addressable Memory v4.0. Xilinx Product Specification S253 (v1.0), Marc 2003.

[20]

F. Yu and R. Katz. Efficient Multi-Match Packet Classification and Lookup with TCAM. In IEEE Symposium on High Performance Interconnects (HotI), Stanford, CA, Aug. 2004.

Digital Library

Cited By

Chang YChen H(2024)Partitioned 2D Set-Pruning Segment Trees with Compressed Buckets for Multi-Dimensional Packet ClassificationThe Computer Journal10.1093/comjnl/bxad13267:6(2189-2207)Online publication date: 2-Feb-2024
https://doi.org/10.1093/comjnl/bxad132
Xu WZhang ZSong HLiu SFeng YLiu B(2023)ISAC: In-Switch Approximate Cache for IoT Object Detection and RecognitionIEEE INFOCOM 2023 - IEEE Conference on Computer Communications10.1109/INFOCOM53939.2023.10229067(1-10)Online publication date: 17-May-2023
https://doi.org/10.1109/INFOCOM53939.2023.10229067
Kekely MKořenek J(2023)Optimizing Packet Classification on FPGA2023 26th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS)10.1109/DDECS57882.2023.10139668(7-12)Online publication date: 3-May-2023
https://doi.org/10.1109/DDECS57882.2023.10139668
Show More Cited By

Index Terms

Efficient packet classification for network intrusion detection using FPGA
1. Computer systems organization
  1. Embedded and cyber-physical systems
  2. Real-time systems

Recommendations

Field-split parallel architecture for high performance multi-match packet classification using FPGAs
SPAA '09: Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architectures

Multi-match packet classification is a critical function in network intrusion detection systems (NIDS), where all matching rules for a packet need to be reported. Most of the previous work is based on ternary content addressable memories (TCAMs) which ...
Large-scale wire-speed packet classification on FPGAs
FPGA '09: Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays

Multi-field packet classification is a key enabling function of a variety of network applications, such as firewall processing, Quality of Service differentiation, traffic billing, and other value added services. Although a plethora of research has been ...
High throughput architecture for packet classification using FPGA
ANCS '09: Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

To avoid packet classification from being the performance bottleneck in network devices, one-chip solution hardware packet classifier based on HiCuts algorithm is designed and implemented in single chip of FPGA. The compact data structure and the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

FPGA '05: Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays

February 2005

288 pages

ISBN:1595930299

DOI:10.1145/1046192

General Chair:
Herman Schmit
Tabula
,
Program Chair:
Steve Wilton
University of British Columbia

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 February 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

FPGA05

Sponsor:

FPGA05: ACM/SIGDA International Symposium on Field Programmable Gate Arrays 2005

February 20 - 22, 2005

California, Monterey, USA

Acceptance Rates

Overall Acceptance Rate 125 of 627 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

154
Total Citations
View Citations
2,088
Total Downloads

Downloads (Last 12 months)27
Downloads (Last 6 weeks)1

Reflects downloads up to 28 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Chang YChen H(2024)Partitioned 2D Set-Pruning Segment Trees with Compressed Buckets for Multi-Dimensional Packet ClassificationThe Computer Journal10.1093/comjnl/bxad13267:6(2189-2207)Online publication date: 2-Feb-2024
https://doi.org/10.1093/comjnl/bxad132
Xu WZhang ZSong HLiu SFeng YLiu B(2023)ISAC: In-Switch Approximate Cache for IoT Object Detection and RecognitionIEEE INFOCOM 2023 - IEEE Conference on Computer Communications10.1109/INFOCOM53939.2023.10229067(1-10)Online publication date: 17-May-2023
https://doi.org/10.1109/INFOCOM53939.2023.10229067
Kekely MKořenek J(2023)Optimizing Packet Classification on FPGA2023 26th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS)10.1109/DDECS57882.2023.10139668(7-12)Online publication date: 3-May-2023
https://doi.org/10.1109/DDECS57882.2023.10139668
Deyannis DPapadogiannaki EChrysos GGeorgopoulos KIoannidis S(2022)The Diversification and Enhancement of an IDS Scheme for the Cybersecurity Needs of Modern Supply ChainsElectronics10.3390/electronics1113194411:13(1944)Online publication date: 22-Jun-2022
https://doi.org/10.3390/electronics11131944
Dakhil YOzbek MAl-Kaseem B(2022)Packet Header Classification for Network Intrusion Detection System Based on FPGA2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA)10.1109/HORA55278.2022.9800025(1-6)Online publication date: 9-Jun-2022
https://doi.org/10.1109/HORA55278.2022.9800025
Srinivasavarma VPydi SMahammad S(2022)Hardware-based multi-match packet classification in NIDS: an overview and novel extensions for improving the energy efficiency of TCAM-based classifiersThe Journal of Supercomputing10.1007/s11227-022-04377-878:11(13086-13121)Online publication date: 14-Mar-2022
https://doi.org/10.1007/s11227-022-04377-8
Abbasi MAfshari Haghdoost M(2021)Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unitSignal and Data Processing10.52547/jsdp.18.1.15018:1(150-135)Online publication date: 1-May-2021
https://doi.org/10.52547/jsdp.18.1.150
Pnevmatikou ALentaris GSoudris DKokkalis N(2020)Fast Packet Classification using RISC-V and HyperSplit Acceleration on FPGA2020 IEEE International Symposium on Circuits and Systems (ISCAS)10.1109/ISCAS45731.2020.9180588(1-5)Online publication date: Oct-2020
https://doi.org/10.1109/ISCAS45731.2020.9180588
Ruiz-Rosero JRamirez-Gonzalez GKhanna R(2019)Field Programmable Gate Array Applications—A Scientometric ReviewComputation10.3390/computation70400637:4(63)Online publication date: 11-Nov-2019
https://doi.org/10.3390/computation7040063
Byun HLi QLim H(2019)Vectored-Bloom Filter for IP Address Lookup: Algorithm and Hardware ArchitecturesApplied Sciences10.3390/app92146219:21(4621)Online publication date: 30-Oct-2019
https://doi.org/10.3390/app9214621
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents