Packet Header Classification for Network Intrusion Detection System Based on FPGA

Abstract

Network security is becoming a key problem in data communication via the Internet. Classifying the incoming packets on network devices is one of the ways that increases network se-curity. Packet header classification is a major strategy for secure networking and connectivity. An intrusion detection system (IDS) is necessary for network devices to protect the network's traffic. Packet classification is a mechanism used by Internet services and security tools to examine each incoming packet against predetermined rules. This paper introduces a new algorithm for packet header classification based on a field-programmable gate array (FPGA) using the finite state machine (FSM) technique. The introduced algorithm compares each header field of an incoming packet to a predefined rule stored in a block read-only memory (ROM) of the FPGA chip to identify matches and then executes certain snort rules to classify them. The selected FPGA platform in this work exhibited high processing speed, particularly in digital system design. The presented algorithm was written using Verilog programming language and executed in Xilinx Vivado 18.2 software. The final program was uploaded to the Artix-7 FPGA development board. The simulation results demonstrated that the developed algorithm successfully classified the incoming packets as required with a maximum throughput that reached 100 Mbps. © 2022 IEEE.