This paper describes the implementation or a high speed hardware network intrusion detection system. The system is powerful as well as flexible due to the use of hardware configurable circuits such as FPGA (Field Programmable Gate Array). The developed circuit architecture uses a pipeline technique based on communicating finite state machines. The goal is to maximize the throughput while reducing the latency. One of the main characteristic of the circuit is that Ethernet packets are processed directly on the fly. As a consequence, a character is processed as soon as it is acquired from the medium without waiting for the complete arrival of the current packet. The pipeline allows all circuit modules to operate in parallel with minimal synchronization.
展开▼
