Memory-efficient content filtering hardware for high-speed intrusion detection systems

Sungwon Yi, Byoung Koo Kim, Jintae Oh, Jongsoo Jang, George Kesidis, Chita R. Das

Research output: Chapter in Book/Report/Conference proceedingConference contribution

15 Scopus citations


Content filtering-based Intrusion Detection Systems have been widely deployed in enterprise networks, and have become a standard measure to protect networks and network users from cyber attacks. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. In this paper, we present a novel content filtering technique called Table-driven Bottom-up Tree (TBT), which was designed i) to fully exploit hardware parallelism to achieve real-time packet inspection, ii) to require a small memory for storing signatures, iii) to be flexible in modifying the signature database, and iv) to support complex signature representation such as regular expressions. We configured TBT considering the hardware specifications and limitations, and implemented it using a FPGA. Simulation based performance evaluations showed that the proposed technique used only 350 Kilobytes of memory for storing the latest version of SNORT rule consisting of 2770 signatures. In addition, unlike many other hardware-based solutions, modification to signature database does not require hardware re-compilation in TBT.

Original languageEnglish (US)
Title of host publicationProceedings of the 2007 ACM Symposium on Applied Computing
PublisherAssociation for Computing Machinery
Number of pages6
ISBN (Print)1595934804, 9781595934802
StatePublished - 2007
Event2007 ACM Symposium on Applied Computing - Seoul, Korea, Republic of
Duration: Mar 11 2007Mar 15 2007

Publication series

NameProceedings of the ACM Symposium on Applied Computing


Other2007 ACM Symposium on Applied Computing
Country/TerritoryKorea, Republic of

All Science Journal Classification (ASJC) codes

  • Software


Dive into the research topics of 'Memory-efficient content filtering hardware for high-speed intrusion detection systems'. Together they form a unique fingerprint.

Cite this