FPGA based CAM architecture string matching for network intrusion detection

Abstract

String matching for network processing is the method of analyzing if a particular pattern or signature is observed in the received packet or data. Executing string matching with software approaches could not meet multi-giga bandwidth specifications and very time consuming. A hardware string matching able to speed up the string matching process significantly. The focus of this project is to present hardware CAMs (Content Addressable Memories) based string matching to perform pattern searching process for network intrusion detection (NIDS) applications on Field Programmable Gate Array (FPGA). The hardware pattern matching system is designed and developed in Verilog RTL language targeting the Altera Stratix-III FPGA. The developed string matching system is simulated with Snort NIDS ruleset. Its results are evaluated in terms of the string matching delay and resource utilization. The algorithm is compatible to support flexible signature length and different number of signature sets requirements. The CAM based string matching architecture can be extended to support parallel signatures searching and approximate string matching.