ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A pattern matching coprocessor for network security
Full text PdfPdf (1.23 MB)
Source Annual ACM IEEE Design Automation Conference archive
Proceedings of the 42nd annual Design Automation Conference table of contents
Anaheim, California, USA
SESSION: Architectures for cryptography and security applications table of contents
Pages: 234 - 239  
Year of Publication: 2005
ISBN:1-59593-058-2
Authors
Young H. Cho  University of California, Los Angeles, Los Angeles, CA
William H. Mangione-Smith  University of California, Los Angeles, Los Angeles, CA
Sponsors
ACM: Association for Computing Machinery
SIGDA: ACM Special Interest Group on Design Automation
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 21,   Downloads (12 Months): 113,   Citation Count: 12
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1065579.1065641
What is a DOI?

ABSTRACT

It has been estimated that computer network worms and virus caused the loss of over $55B in 2003. Network security system use techniques such as deep packet inspection to detect the harmful packets. While software intrusion detection system running on general purpose processors can be updated in response to new attacks. They lack the processing power to monitor gigabit networks. We present a high performance pattern matching co-processor architecture that can be used to monitor and identify a large number of intrusion signature. The design consists of a bank of pattern matchers that are used to implement a highly concurrent filter. The pattern matchers can be programmed to match multiple patterns of various lengths, and are able to leverage the existing databases of threat signatures. We have been able to program the filters to match all the payload patterns defined in the widely used Snort network intrusion detection system at a rate above 7 Gbps, with memory space left to accommodate threat signatures that become available in the future.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Gokhan Memik , Seda Ogrenci Memik , William H. Mangione-Smith, Design and Analysis of a Layer Seven Network Processor Accelerator Using Reconfigurable Logic, Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, p.131, September 22-24, 2002
 
2
Young H. Cho , Shiva Navab , William H. Mangione-Smith, Specialized Hardware for Deep Network Packet Filtering, Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications, p.452-461, September 02-04, 2002
 
3
Young H. Cho , William H. Mangione-Smith, Deep Packet Filter with Dedicated Logic and Read Only Memories, Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, p.125-134, April 20-23, 2004
 
4
Neil Desi, "Increasing Performance in High Speed NIDS: A look at Snort's Internals," Feb 2002.
 
5
David Watson , Matthew Smart , G. Robert Malan , Farnam Jahanian, Protocol scrubbing: network security through transparent flow modification, IEEE/ACM Transactions on Networking (TON), v.12 n.2, p.261-273, April 2004  [doi>10.1109/TNET.2003.822645]
 
6
Reetinder Sidhu , Viktor K. Prasanna, Fast Regular Expression Matching Using FPGAs, Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, p.227-238, April 29-May 02, 2001  [doi>10.1109/FCCM.2001.22]
 
7
B. L. Hutchings , R. Franklin , D. Carver, Assisting Network Intrusion Detection with Reconfigurable Hardware, Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, p.111, September 22-24, 2002
 
8
Ioannis Sourdis and Dionisios Pnevmatikatos, "Fast, Large-Scale String Match for a 10Gbps FPGA-based Network Intrusion Detection System," in 13th Conference on Field Programmable Logic and Applications, Lisbon, Portugal, September 2003, Springer-Verlag.
 
9
Christopher R. Clark , David E. Schimmel, Scalable Pattern Matching for High Speed Networks, Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, p.249-257, April 20-23, 2004
 
10
Zachary K. Baker , Viktor K. Prasanna, A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs, Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, p.135-144, April 20-23, 2004
 
11
Maya Gokhale , Dave Dubois , Andy Dubois , Mike Boorman , Steve Poole , Vic Hogsett, Granidt: Towards Gigabit Rate Network Intrusion Detection Technology, Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications, p.404-413, September 02-04, 2002
 
12
J.W. Lockwood, J. Moscola, M. Kulig, D. Reddick, and T. Brooks, "Internet Worm and Virus Protection in Dynamically Reconfigurable Hardware," in Military and Aerospace Programmable Logic Device (MAPLD), Washington DC, September 2003, NASA Office of Logic Design.
 
13
Young H. Cho and William H. Mangione-Smith, "Programmable Hardware for Deep Packet Filtering on a Large Signature Set," in First IBM Watson P=ac2 Conference, Yorktown, NY, October 2004, IBM.
14
Alfred V. Aho , Margaret J. Corasick, Efficient string matching: an aid to bibliographic search, Communications of the ACM, v.18 n.6, p.333-340, June 1975  [doi>10.1145/360825.360855]

CITED BY  12
Fang Yu , T. V. Lakshman , Martin Austin Motoyama , Randy H. Katz, SSA: a power and memory efficient scheme to multi-match packet classification, Proceedings of the 2005 symposium on Architecture for networking and communications systems, October 26-28, 2005, Princeton, NJ, USA
Fang Yu , Zhifeng Chen , Yanlei Diao , T. V. Lakshman , Randy H. Katz, Fast and memory-efficient regular expression matching for deep packet inspection, Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems, December 03-05, 2006, San Jose, California, USA
Cheng-Hung Lin , Chih-Tsun Huang , Chang-Ping Jiang , Shih-Chieh Chang, Optimization of pattern matching circuits for regular expression on FPGA, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, v.15 n.12, p.1303-1310, December 2007
Cheng-Hung Lin , Chih-Tsun Huang , Chang-Ping Jiang , Shih-Chieh Chang, Optimization of regular expression pattern matching circuits on FPGA, Proceedings of the conference on Design, automation and test in Europe: Designers' forum, March 06-10, 2006, Munich, Germany
Ying-Dar Lin , Kuo-Kun Tseng , Tsern-Huei Lee , Yi-Neng Lin , Chen-Chou Hung , Yuan-Cheng Lai, A platform-based SoC design and implementation of scalable automaton matching for deep packet inspection, Journal of Systems Architecture: the EUROMICRO Journal, v.53 n.12, p.937-950, December, 2007
Cheng-Hung Lin , Yu-Tang Tai , Shih-Chieh Chang, Optimization of pattern matching algorithm for memory based architecture, Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems, December 03-04, 2007, Orlando, Florida, USA
Young H. Cho , William H. Mangione-Smith, Deep network packet filter design for reconfigurable devices, ACM Transactions on Embedded Computing Systems (TECS), v.7 n.2, p.1-26, February 2008
Ivano Bonesana , Marco Paolieri , Marco D. Santambrogio, An adaptable FPGA-based system for regular expression matching, Proceedings of the conference on Design, automation and test in Europe, March 10-14, 2008, Munich, Germany
Abhishek Mitra , Walid Najjar , Laxmi Bhuyan, Compiling PCRE to FPGA for accelerating SNORT IDS, Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems, December 03-04, 2007, Orlando, Florida, USA
Kuo-Kun Tseng , Ying-Dar Lin , Tsern-Huei Lee , Yuan-Cheng Lai, Deterministic high-speed root-hashing automaton matching coprocessor for embedded network processor, ACM SIGARCH Computer Architecture News, v.35 n.3, p.36-43, June 2007
Kuo-Kun Tseng , Yuan-Cheng Lai , Ying-Dar Lin , Tsern-Huei Lee, A fast scalable automaton-matching accelerator for embedded content processors, ACM Transactions on Embedded Computing Systems (TECS), v.8 n.3, p.1-30, April 2009
Cheng-Hung Lin , Hsien-Sheng Hsiao, Hierarchical state machine architecture for regular expression pattern matching, Proceedings of the 19th ACM Great Lakes symposium on VLSI, May 10-12, 2009, Boston Area, MA, USA

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.3 SPECIAL-PURPOSE AND APPLICATION-BASED SYSTEMS


General Terms:
Design, Security


Keywords:
intrusion, network security, pattern matching, pattern search, snort

Collaborative Colleagues:
Young H. Cho: colleagues
William H. Mangione-Smith: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player