Optimization of pattern matching algorithm for memory based architecture

Authors:
Cheng-Hung Lin;Yu-Tang Tai;Shih-Chieh Chang
Affiliations:
National Tsing Hua University, Taiwan, R.O.C;National Tsing Hua University, Taiwan, R.O.C;National Tsing Hua University, Taiwan, R.O.C
Venue:
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Year:
2007

Citing 11
Cited 2

Efficient string matching: an aid to bibliographic search

Communications of the ACM
Assisting Network Intrusion Detection with Reconfigurable Hardware

FCCM '02 Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Implementation of a Content-Scanning Module for an Internet Firewall

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Scalable Pattern Matching for High Speed Networks

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Configurable string matching hardware for speeding up intrusion detection

ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
Fast Regular Expression Matching Using FPGAs

FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A pattern matching coprocessor for network security

Proceedings of the 42nd annual Design Automation Conference
A High Throughput String Matching Architecture for Intrusion Detection and Prevention

Proceedings of the 32nd annual international symposium on Computer Architecture
Fast and scalable pattern matching for content filtering

Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Performance of FPGA implementation of bit-split architecture for intrusion detection systems

IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing

Performance evaluation comparison of Snort NIDS under Linux and Windows Server

Journal of Network and Computer Applications
A modular NFA architecture for regular expression matching

Proceedings of the 18th annual ACM/SIGDA international symposium on Field programmable gate arrays

Quantified Score

Hi-index	0.00

Visualization

Abstract

Due to the advantages of easy re-configurability and scalability, the memory-based string matching architecture is widely adopted by network intrusion detection systems (NIDS). In order to accommodate the increasing number of attack patterns and meet the throughput requirement of networks, a successful NIDS system must have a memory-efficient pattern-matching algorithm and hardware design. In this paper, we propose a memory-efficient pattern-matching algorithm which can significantly reduce the memory requirement. For total Snort string patterns, the new algorithm achieves 29% of memory reduction compared with the traditional Aho-Corasick algorithm [5]. Moreover, since our approach is orthogonal to other memory reduction approaches, we can obtain substantial gain even after applying the existing state-of-the-art algorithms. For example, after applying the bit-split algorithm [9], we can still gain an additional 22% of memory reduction.