Abstract
Abstract
This work deals with off-loading some critical parts in the process of performing intrusion detection from software to reconfigurable hardware (FPGA). Signatures of known attacks must typically be compared to high speed network traffic, and string matching becomes a bottleneck. Content Addressable Memories (CAMs) are known to be fast string matchers, but offer little flexibility. For that purpose a Variable Word-Width CAM for fast string matching has been designed and implemented in an FPGA. A typical feature for this CAM is that the length of each word is independent from the others, in contrast to common CAMs where all words have the same length. To be able to effectively reconfigure the CAM, a software technique has been developed for creating the VHDL code. The CAM design has been simulated with Model Technology ModelSim 5.6f, and synthesized by Xilinx ISE 6.1.03i. It was then loaded into a Virtex-II Pro (P7) FPGA. The design has been functionally tested on a development board for a CAM of size 1822 bytes (128 words). This design processes 8 bits per clock cycle and has a reported maximum clock speed of 100 MHz. This gives a throughput of 800 Mbit/s. One important part of this work has also been to develop circuits for hardware testing purposes.