High Performance Network Intrusion Detection

With the appearance of Gigabit network infrastructures, a typical network intrusion detection system (NIDS) has to keep up with the network bandwidth. Otherwise, some suspicious packets may go undetected and the whole network is left vulnerable. By examining each packet flowing through a network segment, suspicious packets are detected and reported to secure the network against intrusion. Up to 57% of the execution time in Snort, an NIDS implemented in software, is found to be spent on string comparisons against a predefined/known pattern set, so string matching dominates the performance of an NIDS. Furthermore, our study shows that a NIDS running Snort, which is typically I/O bound, is thrashing once the bit rate is increased to 55 Mbps. This creates a need to implement a Gigabit-performance NIDS with hardware support. We propose a hardware-assisted NIDS that maps the string comparison routines into reconfigurable hardware such as Field Programmable Gate Arrays (FPGA). The idea is to combine the existing promiscuous mode of a network interface card with a highly parallel hardware pattern matching engine, which frees the CPU to perform other computations. Therefore, the performance of the NIDS can be enhanced.
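The bit-parallel Shift-Or matcher that the listed papers map onto FPGA logic, written here as an added software model (not code from the project or its publications): each pattern character becomes one bit of a state word, and every input byte updates all bits with one shift and one OR, which is what makes the algorithm attractive for hardware. The packet payload and pattern in the example are constructed.

```c
/* Software model of the Shift-Or (bitap) pattern matcher; added example,
 * not the project's own code. Pattern length is limited by the word width. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXPAT 64

typedef struct {
    uint64_t mask[256]; /* mask[c] has bit i clear iff pattern[i] == c */
    uint64_t done;      /* bit (m-1): cleared in the state word on a full match */
    size_t len;
} shiftor_t;

/* Precompute the per-character masks; returns -1 if the pattern does not fit. */
int shiftor_init(shiftor_t *s, const char *pat) {
    size_t m = strlen(pat);
    if (m == 0 || m > MAXPAT) return -1;
    for (int c = 0; c < 256; c++) s->mask[c] = ~(uint64_t)0;
    for (size_t i = 0; i < m; i++)
        s->mask[(unsigned char)pat[i]] &= ~((uint64_t)1 << i);
    s->done = (uint64_t)1 << (m - 1);
    s->len = m;
    return 0;
}

/* Scan a payload; bit i of state is 0 iff pattern[0..i] ends at the current byte.
 * Returns the byte offset of the first full match, or -1 if there is none. */
long shiftor_scan(const shiftor_t *s, const unsigned char *buf, size_t n) {
    uint64_t state = ~(uint64_t)0; /* all ones: no partial match yet */
    for (size_t i = 0; i < n; i++) {
        state = (state << 1) | s->mask[buf[i]];
        if ((state & s->done) == 0) return (long)(i + 1 - s->len);
    }
    return -1;
}

/* Convenience wrapper: offset of pat in text, or -1. */
long shiftor_find(const char *pat, const char *text) {
    shiftor_t s;
    if (shiftor_init(&s, pat) != 0) return -1;
    return shiftor_scan(&s, (const unsigned char *)text, strlen(text));
}

int main(void) {
    /* Constructed payload and signature string for demonstration. */
    const char *payload = "HELLO world test payload";
    printf("match at offset %ld\n", shiftor_find("world", payload)); /* prints 6 */
    return 0;
}
```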

This project is supported by the Center for Infrastructure Assurance and Security at UTSA and US Air Force under grant #26-0200-62 since 6/1/2004.

Journal Publications:

  1. Chia-Tien Dan Lo, "A Very Fast String Matching Algorithm for Network Intrusion Detection," submitted to the IEEE Transactions on Very Large Scale Integration Systems.
  2. Huang-Chun Roan, Wen-Jyi Hwang, Chia-Tien Dan Lo, and Wei-Jhih Huang, "Network Intrusion Detection Based on Shift-OR Circuit," accepted to the Journal of Information Science and Engineering (JISE).
  3. Chia-Tien Dan Lo, Yi-Gang Tai, and Kleanthis Psarris, "FPGA-Based Hardware Acceleration on I/O-Bound Scientific Applications," in the WSEAS Transactions on Computers, Vol. 5, No. 12, pp. 2977-2983, December 2006. 
  4. C. D. Lo, W. Srisa-an, and J. M. Chang, "Security Issues in Garbage Collection," in Special Issue: Ensuring Secure Software, CrossTalk, the Journal of Defense Software Engineering, October 2005, Vol. 18, No. 10., http://www.stsc.hill.af.mil/crosstalk/2005/10/index.html

Conference Publications:

  1. Chia-Tien Dan Lo, Yi-Gang Tai, Kleanthis Psarris, and Wen-Jyi Hwang, "Super Fast Hardware String Matching," 2006 IEEE International Conference on Field Programmable Technology, December 13-15, Bangkok Thailand, 2006, pp. 385 - 388.
  2. Huang-Chun Roan, Wen-Jyi Hwang, and Chia-Tien Dan Lo, "Shift-Or Circuit for Efficient Network Intrusion Detection Pattern Matching," in the 16th International Conference on Field Programmable Logic and Applications (FPL 2006), Madrid, SPAIN, August 28-30, 2006, pp. 785 - 790.
  3. Huang-Chun Roan, Wen-Jyi Hwang, and Chia-Tien Dan Lo, "Shift-Or Circuit for Efficient Network Intrusion Detection Pattern Matching" in the 2006 International Conference on Embedded and Ubiquitous Computing, Aug. 1-4, Korea.
  4. Chia-Tien Dan Lo, and Luis Ignacio Ortiz Villasenor, "A New Worm Traffic Generator," in the 2006 South Central Information Security Symposium (SCISS '06), April 21, 2006 in Houston, Texas, USA. 
  5. T. Ramirez and C. D. Lo, "Pattern Reduction and Circuit Design for Hardware-Supported Network Intrusion Detection," in the 6th IEEE Information Assurance Workshop, "The West Point Workshop," 15-17 June 2005, United States Military Academy, West Point, New York, USA.
  6. C. D. Lo, "Making Garbage Collection Dependable through a Run-Time Monitor," in the 6th IEEE Information Assurance Workshop, "The West Point Workshop," 15-17 June 2005, United States Military Academy, West Point, New York, USA.
  7. T. Ramirez and C. D. Lo, "Pattern Reduction and Circuit Design for Hardware Supported Distributed Network Intrusion Detection System," in the 2005 South Central Information Security Symposium (SCISS '05), April 30, 2005 in Austin, Texas, USA.
  8. T. Ramirez and C. D. Lo, "Rule Set Decomposition for Hardware Network Intrusion Detection," in the 2004 International Computer Symposium (ICS 2004), Dec. 15-17, 2004, Taipei, Taiwan.
  9. C. D. Lo, "Hardware-Assisted Network-Based Intrusion Detection," in the International Conference on Informatics, Cybernetics and Systems, December 14-16, 2003, Kaohsiung, Taiwan.
  10. C. D. Lo and M. Kato, "Hardware/Software Co-Design in supporting Security in Embedded Java," The South Central Information Security Symposium, SCISS 2003, April 11-12.

Theses:

  1. Timothy Ramirez, "Pattern Reduction and Circuit Design for Hardware Supported Network Intrusion Detection," Master's Thesis, Department of Computer Science, University of Texas at San Antonio, 2005.
  2. Srikan Gottumukkala, "Performance Evaluation on a New String Matching Algorithm for Network Intrusion Detection," Master's Thesis, Department of Computer Science, University of Texas at San Antonio, 2007.
  3. Luis Ignacio Ortiz Villasenor, "A New Worm Traffic Generator," Master's Thesis, Department of Computer Science, University of Texas at San Antonio, 2007.