This project presents an approach to increase the performance of intrusion detection and prevention by using dedicated hardware. The most demanding challenge of intrusion detection is payload inspection, i.e. examining the actual data content of network packets. The open-source intrusion detection system Snort facilitates the use of Perl Compatible Regular Expressions (PCRE) to describe patterns for payload data matching. This project provides a way of implementing a large number of PCRE-based Snort rules in parallel on a Field Programmable Gate Array thus providing a substantial increase in performance.
Michael Dyrmose, M.Sc.