Abstract

In this paper we consider a new approach to network intrusion detection. Conventional network intrusion detection systems (NIDS) are software based. We propose to selectively implement portions of the functionality of a state-of-the-art software NIDS in reconfigurable hardware. This increases performance even under hostile loads and will enable efficient intrusion detection in future multi-gigabit networks. Specifically, we consider the problem of TCP-stream reassembly. We present a high-performance TCP stream reassembly and state tracking module targeted for incorporation into an agile reconfigurable network interface based on Xilinx Virtex technology.