An empirical study on performance and speed up in fpga based network intrusion detection

Abstract

Network Intrusion Detection System (NIDS) has been emerging as newlinean important detection tool for the impact of malicious threats and newlinevulnerabilities in network security. It is a software application that monitors a newlinenetwork or system for malicious activity or policy violations. Snort is an newlineintrusion detection system that scans all the packets in a network and newlinecompares them against signatures specified in payloads of known malicious newlinethreats. Performance of snort can be reduced by processing large database of newlineinput text. It could be increased using FPGA hardware design through parallel newlineprocessing. In this research, a robust methodology for improving newlineperformance and speedup of NIDS has been presented. It can be seen as a newlinevital step in the development of network security. What is presented is a new, newlinefast, and fully performance and speedup algorithm developed by string newlinematching and editing bitmap files approach respectively for efficient Network newlineIntrusion Detection System.First, the performance is calculated by throughput per area. Here, newlinethe throughput is designed to adopt working frequency multiplied by number newlineof bits per cycle. It is then implemented in a hardware based NIDS using newlineFPGA and is designed as the function of software based NIDS (Snort), in newlineorder to get a better performance. String matching is achieved using the newlinebuffered input Boyer-Moore algorithm to get parallel input in content newlinematching on IDEs. Efficiency of IDS and their effect on the performance are newlineconsidered. The proposed performance is obtained using Xilinx Vivado newline newline