With the increasing demand for and emphasis on higher availability, a growing number of organizations are providing a large number of services through the Internet. This increased visibility makes them more vulnerable to cyber attacks. Most organizations spend a significant amount of money trying to secure their resources. Traditionally, securing a network involved installing infrastructure devices like firewalls that were based on a static set of pre-configured rules and on cryptographic access control routines. However, of late, network intrusion detection systems are becoming more and more popular with organizations, as they provide a formidable defense against most attacks and help secure network resources at a significantly lower cost.

Network Intrusion Detection Systems (NIDS) are inline devices that monitor network traffic at wire speed to identify malicious traffic. These systems need to match the packet payload against a predefined set of strings (also called patterns or signatures) in real time. In order to match strings, a string matching engine is used. As NIDS are inline devices, the underlying string matching engine needs to perform string matching at wire speed in order to be effective. The current state of the art uses software solutions like Snort to detect and, in some cases, prevent intrusions. With the average networking speed doubling every year, it is becoming increasingly difficult for software-based string matching engines to operate at line speed.

In this thesis we propose a hardware-based string matching engine to process very high speed lines. Our approach uses a parallel hashing strategy that processes multiple bytes of data in a single clock cycle. In addition to the parallel hashing strategy, we propose a Bloom filter based accelerator that is used to accelerate the performance of the parallel hashing engine. We provide the implementation details of the engine and discuss the results.
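The abstract describes a Bloom filter acting as an accelerator in front of a hashing-based signature matcher: the filter answers "definitely absent" or "maybe present" for each payload window, so the exact (and more expensive) lookup is only performed on the windows that pass the filter. The following Python model is an added illustration of that idea and is not the thesis's own design or code; it assumes one Bloom filter and one exact hash set per signature length, a SHA-256-derived set of hash positions (a software stand-in for the hardware hash units), a constructed signature list and a constructed payload, and a `bytes_per_cycle` parameter that only counts how many byte offsets a cycle would process in parallel.

```python
import hashlib
import math
from typing import Dict, List, Set, Tuple

class BloomFilter:
    """Bit-array Bloom filter with k hash positions derived from one SHA-256 digest."""

    def __init__(self, nbits: int, nhashes: int) -> None:
        assert 1 <= nhashes <= 8, "one 32-byte digest yields at most eight 4-byte positions"
        self.nbits = nbits
        self.nhashes = nhashes
        self.bits = bytearray(math.ceil(nbits / 8))

    def _positions(self, data: bytes):
        # Slice the digest into 4-byte chunks; each chunk selects one bit position.
        digest = hashlib.sha256(data).digest()
        for i in range(self.nhashes):
            chunk = digest[4 * i:4 * i + 4]
            yield int.from_bytes(chunk, "big") % self.nbits

    def add(self, data: bytes) -> None:
        for p in self._positions(data):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_contain(self, data: bytes) -> bool:
        # False means "definitely not a signature"; True means "verify exactly".
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(data))

# One (Bloom filter, exact set) pair per signature length, as a hardware engine would
# dedicate one hashing lane per supported pattern length (assumption of this model).
Engine = Dict[int, Tuple[BloomFilter, Set[bytes]]]

def build_engine(patterns: List[bytes], nbits: int = 4096, nhashes: int = 4) -> Engine:
    engine: Engine = {}
    for pat in patterns:
        bloom, exact = engine.setdefault(len(pat), (BloomFilter(nbits, nhashes), set()))
        bloom.add(pat)
        exact.add(pat)
    return engine

def scan(engine: Engine, payload: bytes, bytes_per_cycle: int = 4):
    """Return (matches, stats). Each cycle examines bytes_per_cycle start offsets,
    and every offset is checked against one window per signature length."""
    matches: List[Tuple[int, bytes]] = []
    stats = {"cycles": 0, "bloom_queries": 0, "exact_lookups": 0}
    for start in range(0, len(payload), bytes_per_cycle):
        stats["cycles"] += 1
        for offset in range(start, min(start + bytes_per_cycle, len(payload))):
            for length, (bloom, exact) in engine.items():
                window = payload[offset:offset + length]
                if len(window) < length:
                    continue
                stats["bloom_queries"] += 1
                if bloom.might_contain(window):       # cheap filter stage
                    stats["exact_lookups"] += 1
                    if window in exact:               # exact hash-table stage
                        matches.append((offset, window))
    return matches, stats

# Constructed sample signatures and a constructed HTTP request payload (not from the thesis).
SAMPLE_PATTERNS = [b"cmd.exe", b"/etc/passwd", b"../../", b"UNION SELECT"]
SAMPLE_PAYLOAD = b"GET /index.php?f=../../../etc/passwd HTTP/1.1\r\n"

def demo():
    engine = build_engine(SAMPLE_PATTERNS)
    return scan(engine, SAMPLE_PAYLOAD, bytes_per_cycle=4)

if __name__ == "__main__":
    found, counters = demo()
    for off, pat in found:
        print(f"offset {off:3d}: {pat!r}")
    print(counters)
```

The `stats` counters make the accelerator's effect visible: `bloom_queries` is the number of windows examined, while `exact_lookups` is how many of them reached the exact stage. A Bloom filter never produces a false negative, so every true signature occurrence is still found; the only cost of a false positive is one wasted exact lookup, which is why a larger bit array or more hash functions trade memory for fewer wasted lookups.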