This work aims at designing a fast string matcher using the content addressable memory technology. It is appropriate for use in applications that require a variable width dynamic string matcher, where the content of the matching module has to be varied within a certain time period. This alteration includes the need to add, remove or even modify the content without the need to change the module. The content of the string matcher is padded with don't cares in order to solve the length difference problem between words. A software program was developed in order to extract, merge and reformat the data to be matched. In this work, we provide an FPGA-based hardware implementation for the rule matching module that can be employed as a network intrusion detection system (NIDS). This module can be used in applications that require packet-level fire-wall based security systems. Moreover, we present a detailed comparison with different hardware implemented NIDS algorithms.
展开▼