Problems of increasing efficiency of NIDS by using implementing methods packet classifications on FPGA

摘要

Packet classification is important mechanism for secure communication and networking. Secure tools and internet services use packet classification mechanisms which involves checking of packets against predefined rules stored in a classifier. The performance of the available software solutions of classification is not desirable and efficient for wire speed processing in high speed networks. The ability to promptly update the supported rule sets and detect new emerging attacks makes Field Programmable Gate Arrays (FPGAs) a very appealing technology. An important issue is how to scale FPGA-based NIDS implementations to ever faster network links. Instead of purely splitting traffic across equivalent modules, classify and group of the same kind traffic, and dispatch it to differently capable hardware units, each supporting a (smaller) rule set tailored to the specific traffic category. The proposed architecture for packet analyzing consists of two important tasks: 1) use efficient algorithms packet classifying, 2) high rate of packet processing for analyzing payloads. In this paper special attention noted on the increase of efficiency of packet classification mechanisms. Proposed architecture for the networks, which speed is limited up to 100 Gbps allows using CAM, TCAM, and SRAM memory technologies.