Hardware assisted intrusion detection systems and content scanning engines are required in order to process data at multi-gigabit line rates. In addition, systems placed within the core of the Internet are subjected to millions of simultaneous flows, with each flow potentially containing data of interest. IDS systems are not capable of processing large numbers of flows at high data rates. This paper proposes an architecture which is capable of performing complete, stateful, payload inspections on millions of TCP flows at gigabit line rates. To accomplish this task, we propose a hardware circuit that combines a TCP protocol processing engine, a per flow state store, and a content scanning engine.
Keywords:
Protocol processing hardware
High speed packet processing engines
Network security technologies
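
The role of the per flow state store can be shown with a small software sketch. This is an added example, not the paper's circuit: it saves a matcher's state per flow so a signature split across two TCP segments is still found when other flows are interleaved. The signature, table size, function names and the use of a KMP matcher are assumptions, and segments are assumed to arrive in order, as a TCP processing engine would deliver them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define SLOTS 1024                      /* assumed state-store size */
static const char PAT[] = "attack";     /* constructed signature */
#define PLEN (sizeof PAT - 1)
struct flow_key { uint32_t src, dst; uint16_t sport, dport; };
struct flow_state { struct flow_key key; int used; size_t k; };
static struct flow_state store[SLOTS];  /* per-flow state store */
static size_t fail[PLEN];               /* KMP failure table */
static int ready;
/* Feed bytes to a KMP matcher starting at saved state *k; returns hit count. */
static int scan(size_t *k, const uint8_t *p, size_t n) {
    int hits = 0;
    if (!ready) {                       /* build the failure table once */
        for (size_t i = 1, j = 0; i < PLEN; i++) {
            while (j && PAT[i] != PAT[j]) j = fail[j - 1];
            if (PAT[i] == PAT[j]) j++;
            fail[i] = j;
        }
        ready = 1;
    }
    for (size_t i = 0; i < n; i++) {
        while (*k && p[i] != (uint8_t)PAT[*k]) *k = fail[*k - 1];
        if (p[i] == (uint8_t)PAT[*k]) (*k)++;
        if (*k == PLEN) { hits++; *k = fail[*k - 1]; }
    }
    return hits;
}
/* Stateless baseline: every packet starts from matcher state 0. */
int scan_packet(const uint8_t *p, size_t n) { size_t k = 0; return scan(&k, p, n); }
/* Stateful: restore the flow's state, scan the segment, save the state back.
   Assumes in-order segments; returns -1 if the store is full. */
int scan_segment(const struct flow_key *f, const uint8_t *p, size_t n) {
    uint32_t h = f->src ^ f->dst ^ ((uint32_t)f->sport << 16 | f->dport);
    for (uint32_t i = 0; i < SLOTS; i++) {          /* linear probing */
        struct flow_state *s = &store[(h + i) % SLOTS];
        if (!s->used) { s->used = 1; s->key = *f; s->k = 0; }
        if (s->key.src == f->src && s->key.dst == f->dst &&
            s->key.sport == f->sport && s->key.dport == f->dport)
            return scan(&s->k, p, n);
    }
    return -1;
}
int main(void) {
    struct flow_key a = {0x0a000001, 0x0a000002, 40000, 80};   /* constructed */
    int first = scan_segment(&a, (const uint8_t *)"xxatt", 5);
    printf("stateful: %d then %d\n", first, scan_segment(&a, (const uint8_t *)"ackyy", 5));
    return 0;
}
```

Scanning each packet in isolation with `scan_packet` reports nothing for either half of the split signature, while `scan_segment` reports the match on the second segment of the same flow.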