|
 ABSTRACT
Pattern matching for network security and intrusion detection demands exceptionally high performance. Much work has been done in this field, and yet there is still significant room for improvement in efficiency, flexibility, and throughput. We develop a novel linear-array string matching architecture using a buffered, two-comparator variation on the Knuth-Morris-Pratt(KMP) algorithm. For small (16 or fewer characters) patterns, it competes favorably with the state-of-the-art while providing better scalability and reconfiguration, and more efficient hardware utilization. The area efficiency compared to other approaches improves further still as the pattern size increases because only the tables increase in size.KMP is a well-known, efficient string matching technique using a single comparator and a precomputed transition table. We add a second comparator and an input buffer, allowing the system to accept at least one character in each cycle and terminate after a number of clock cycles at maximum equal to the length of the input string plus the size of the buffer. The system also provides a clean, modular route to reconfiguring the patterns on-the-fly and scaling the system to support more units, using several rows of linear array elements. In this paper, we prove the bound on the buffer size and running time, and provide performance comparisons against other approaches.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
Global Velocity, http://www.globalvelocity.info/, 2003.
|
| |
2
|
|
| |
3
|
S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood. Implementation of a Deep Packet Inspection Circuit using Parallel Bloom Filters in Reconfigurable Hardware. In Proceedings of HOTi03, 2003.
|
| |
4
|
Maya Gokhale , Dave Dubois , Andy Dubois , Mike Boorman , Steve Poole , Vic Hogsett, Granidt: Towards Gigabit Rate Network Intrusion Detection Technology, Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications, p.404-413, September 02-04, 2002
|
| |
5
|
|
| |
6
|
D.E. Knuth, J. Morris, and V.R. Pratt. Fast Pattern Matching in Strings. In SIAM Journal on Computing, 1977.
|
| |
7
|
C. E. Leiserson and J. B. Saxe. Retiming Synchronous Circuitry. Technical Report~13, Digital Systems Research Center, 1986.
|
| |
8
|
|
 |
9
|
Reetinder P. S. Sidhu , Alessandro Mei , Viktor K. Prasanna, String matching on multicontext FPGAs using self-reconfiguration, Proceedings of the 1999 ACM/SIGDA seventh international symposium on Field programmable gate arrays, p.217-226, February 21-23, 1999, Monterey, California, United States
[doi> 10.1145/296399.296463]
|
| |
10
|
|
| |
11
|
Sourcefire. Snort: The Open Source Network Intrusion Detection System. http://www.snort.org, 2003.
|
| |
12
|
I. Sourdis and D. Pnevmatikatos. Fast, Large-Scale String Match for a 10Gbps FPGA-Based Network Intrusion Detection System. In Proceedings of FPL2003, 2003.
|
| |
13
|
|
CITED BY 22
|
|
|
|
|
|
|
|
|
|
|
Fang Yu , T. V. Lakshman , Martin Austin Motoyama , Randy H. Katz, SSA: a power and memory efficient scheme to multi-match packet classification, Proceedings of the 2005 symposium on Architecture for networking and communications systems, October 26-28, 2005, Princeton, NJ, USA
|
|
|
|
|
|
Fang Yu , Zhifeng Chen , Yanlei Diao , T. V. Lakshman , Randy H. Katz, Fast and memory-efficient regular expression matching for deep packet inspection, Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems, December 03-05, 2006, San Jose, California, USA
|
|
|
|
|
|
Cheng-Hung Lin , Chih-Tsun Huang , Chang-Ping Jiang , Shih-Chieh Chang, Optimization of regular expression pattern matching circuits on FPGA, Proceedings of the conference on Design, automation and test in Europe: Designers' forum, March 06-10, 2006, Munich, Germany
|
|
|
|
|
|
Ying-Dar Lin , Kuo-Kun Tseng , Tsern-Huei Lee , Yi-Neng Lin , Chen-Chou Hung , Yuan-Cheng Lai, A platform-based SoC design and implementation of scalable automaton matching for deep packet inspection, Journal of Systems Architecture: the EUROMICRO Journal, v.53 n.12, p.937-950, December, 2007
|
|
|
|
|
|
|
|
|
Eric J. Kelmelis , John R. Humphrey , James P. Durbano , Fernando E. Ortiz, High-performance computing with desktop workstations, Proceedings of the 10th WSEAS International Conference on APPLIED MATHEMATICS, p.83-88, November 01-03, 2006, Dallas, Texas
|
|
|
|
|
|
|
|
|
Atul Mahajan , Benfano Soewito , Sai K. Parsi , Ning Weng , Haibo Wang, Implementing high-speed string matching hardware for network intrusion detection systems, Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays, February 24-26, 2008, Monterey, California, USA
|
|
|
Abhishek Das , Sanchit Misra , Sumeet Joshi , Joseph Zambreno , Gokhan Memik , Alok Choudhary, An efficient FPGA implementation of principle component analysis based network intrusion detection system, Proceedings of the conference on Design, automation and test in Europe, March 10-14, 2008, Munich, Germany
|
|
|
|
|
|
Hai Jin , Guofu Xiang , Feng Zhao , Deqing Zou , Min Li , Lei Shi, VMFence: a customized intrusion prevention system in distributed virtual computing environment, Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication, January 15-16, 2009, Suwon, Korea
|
|
|
|
|
|
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
C.3