Erdem, Oguzhan2024-06-122024-06-1220160045-79061879-0755https://doi.org/10.1016/j.compeleceng.2015.11.025https://hdl.handle.net/20.500.14551/24032Network intrusion detection systems (NIDSs) monitor Internet Protocol (IP) traffic to detect anomalous and malicious activities on a network. Despite the plethora of studies in this field, hardware-based string matching engines that can accommodate the advancements in optical networking technology are still in high demand. Furthermore, memory efficient data structures to store intrusion patterns have recently received a great deal of research attention. In this paper, we introduce a tree-based pattern matching (TPM) scheme that comprises a forest of Binary Search Tree (BST) data structures and an accommodating high-throughput multi-pipelined architecture for scalable string matching on hardware. To improve the resource efficiency in hardware implementations, we enhanced TPM scheme (extended-TPM) with two novel tree structures, namely BST-epsilon (BST epsilon) and hierarchical BST (H-BST). Our entire design accomplishes a memory efficiency of 1.07 bytes/char for the latest Snort dictionary. Utilizing a state-of-the-art Field Programmable Gate Arrays (FPGAs), TPM architecture can sustain a throughput of 2.7 Gbps. (C) 2015 Elsevier Ltd. All rights reserved.en10.1016/j.compeleceng.2015.11.025info:eu-repo/semantics/closedAccessString MatchingIntrusion DetectionFPGABinary TreeNIDSArticle49117133Q3WOS:0003682081000112-s2.0-84949657737Q1