High-Speed Signature Matching in Network Interface Device using Bloom Filters

Network intrusion detection systems play a critical role in protecting the information infrastructure of an organization. Due to the sophistication and complexity of techniques used for the analysis they are commonly based on general-purpose workstations. Although cost-efficient, these general-purpose systems are found to be inadequate as they fail to perform efficiently at high packet rates. The resulting packet loss degrades the system’s overall effectiveness, as the analyzing capability of the system is reduced. It has been found that the performance of these systems can be improved significantly by filtering out unwanted packets. This paper presents the design of a Programmable Ethernet Interface Card that is used to offload signature matching from software and thereby improve the detection ratio and performance of the system.