Audio
Interfaces
Peripherals and Logic
Power Management
Sensors
RF
RFID/NFC
Security and Authentication
Wireless Connectivity
Browse all products
Product Information
Application-Specific Products
NXP Community
Design ideas, demo videos, quality answers. Connect with NXP professionals and other knowledgeable designers ready to help.
Design Resources
Software, documentation, evaluation tools. The resources to build comprehensive solutions and accelerate your time to market.
Access our design resource library
Careers at NXP
We're always looking for passionate and talented people to work with us.
Join our teamSignature Detection Technology
Signature Detection is the underlying technology behind Intrusion Detection, Intrusion Prevention (IDS/IPS), and Application Recognition systems. Signatures are patterns, which when matched, indicate the system should apply designated security or QoS policies. There are two primary classes of security signatures:
Behavioral Signatures
Behavioral signatures are anomalies against actions normally taken by a system. In networking systems, the signature may be a sudden onset of high volume traffic from a Human Resources server to an external IP address.Behavioral signature methods require significant CPU performance, as the task of maintaining a baseline of "normal" traffic and discerning malicious intent from changes to the baseline requires multiple algorithms which may be tweaked on a regular basis. As a result, hardware accelerators and ASICs have limited utility beyond off-loading initial flow classification.
Data Signatures
Data signatures are reducible to binary strings which can be located by scanning the data, either in software or with specialized hardware accelerators. The major complexity in detecting binary strings is dealing with strings that are deliberately spread over multiple network datagrams, contain multiple character options (capitalization), or otherwise include wildcards. The language for defining data signatures is known as Regular Expressions and accelerators which scan data for signatures based on regular expression rules are often referred to as RegEx Engines.
Pattern Matching Engine
Many of Our QorIQ communications processors integrate a RegEx engine called the Pattern Matching Engine (PME).
Advantages of the NXP PME include:
- NFA implementation, with fast pre-scan to determine which NFAs to execute on which portions of the scanned data
- Fast compilation of pattern database, with fast incremental additions and updates
- Patterns stored in main DDR DRAM, no requirement for expensive specialty memories
- On-chip hash tables for low system memory utilization, removing need for costly low-latency memory technologies
The PME also provides a Stateful Rule Engine (SRE) that allows the user to describe stateful relationships between patterns. This stateful rule capability provides significant additional capabilities beyond simple pattern matching.
Some of the applications which performance can be accelerated by leveraging the pattern matching engine include:
- Residential Gateway Systems
- Unified Threat Management
- Intrusion Prevention Systems
- Security Network Storage
Performance of a deep packet inspection software stack was accelerated two-fold by using the pattern matching engine on the P2041.
Signature Detection Technology
Signature Detection Technology
