Reprogrammable network packet processing on the field programmable port extender (FPX)
FPGA '01 Proceedings of the 2001 ACM/SIGDA ninth international symposium on Field programmable gate arrays
Specialized Hardware for Deep Network Packet Filtering
FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Implementation of a Content-Scanning Module for an Internet Firewall
FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Time and area efficient pattern matching on FPGAs
FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
Saving Power by Mapping Finite-State Machines into Embedded Memory Blocks in FPGAs
Proceedings of the conference on Design, automation and test in Europe - Volume 2
A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Fast Regular Expression Matching Using FPGAs
FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A pattern matching coprocessor for network security
Proceedings of the 42nd annual Design Automation Conference
A High Throughput String Matching Architecture for Intrusion Detection and Prevention
Proceedings of the 32nd annual international symposium on Computer Architecture
Performance Characterization of a 10-Gigabit Ethernet TOE
HOTI '05 Proceedings of the 13th Symposium on High Performance Interconnects
Optimization of regular expression pattern matching circuits on FPGA
Proceedings of the conference on Design, automation and test in Europe: Designers' forum
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching
Proceedings of the 33rd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Regular Expression Matching in Reconfigurable Hardware
Journal of Signal Processing Systems
Synthesis of regular expressions targeting FPGAs: current status and open issues
ARC'07 Proceedings of the 3rd international conference on Reconfigurable computing: architectures, tools and applications
Compact architecture for high-throughput regular expression matching on FPGA
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Efficient regular expression evaluation: theory to practice
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
A scalable multithreaded L7-filter design for multi-core servers
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Extending finite automata to efficiently match Perl-compatible regular expressions
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
A Performance Model for Run-Time Reconfigurable Hardware Accelerator
APPT '09 Proceedings of the 8th International Symposium on Advanced Parallel Processing Technologies
Performance evaluation comparison of Snort NIDS under Linux and Windows Server
Journal of Network and Computer Applications
Software toolchain for large-scale RE-NFA construction on FPGA
International Journal of Reconfigurable Computing - Special issue on selected papers from ReConFig 2008
A modular NFA architecture for regular expression matching
Proceedings of the 18th annual ACM/SIGDA international symposium on Field programmable gate arrays
IP routing processing with graphic processors
Proceedings of the Conference on Design, Automation and Test in Europe
Range hash for regular expression pre-filtering
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Evaluating regular expression matching engines on network and general purpose processors
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Improving NFA-based signature matching using ordered binary decision diagrams
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Complex event detection at wire speed with FPGAs
Proceedings of the VLDB Endowment
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Experiences with string matching on the fermi architecture
ARCS'11 Proceedings of the 24th international conference on Architecture of computing systems
Fast, memory-efficient regular expression matching with NFA-OBDDs
Computer Networks: The International Journal of Computer and Telecommunications Networking
MIDeA: a multi-parallel intrusion detection architecture
Proceedings of the 18th ACM conference on Computer and communications security
PeRex: A Power Efficient FPGA-based Architecture for Regular Expression Matching
GREENCOM '11 Proceedings of the 2011 IEEE/ACM International Conference on Green Computing and Communications
400 Gb/s Programmable Packet Parsing on a Single FPGA
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
Pattern-unit based regular expression matching with reconfigurable function unit
ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part IV
Scalable lookahead regular expression detection system for deep packet inspection
IEEE/ACM Transactions on Networking (TON)
Kargus: a highly-scalable software-based intrusion detection system
Proceedings of the 2012 ACM conference on Computer and communications security
Wire-speed statistical classification of network traffic on commodity hardware
Proceedings of the 2012 ACM conference on Internet measurement conference
GPP-Grep: high-speed regular expression processing engine on general purpose processors
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
An efficient parallelized L7-filter design for multicore servers
IEEE/ACM Transactions on Networking (TON)
A-DFA: A Time- and Space-Efficient DFA Compression Algorithm for Fast Regular Expression Evaluation
ACM Transactions on Architecture and Code Optimization (TACO)
Designing a Programmable Wire-Speed Regular-Expression Matching Accelerator
MICRO-45 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture
Stream-Mode FPGA acceleration of complex pattern trajectory querying
SSTD'13 Proceedings of the 13th international conference on Advances in Spatial and Temporal Databases
ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
Exploring the design space of programmable regular expression matching accelerators
Journal of Systems Architecture: the EUROMICRO Journal
A regular expression matching engine with hybrid memories
Computer Standards & Interfaces
| Hi-index | 0.00 |
Deep Payload Inspection systems like SNORT and BRO utilize regular expression for their rules due to their high expressibility and compactness. The SNORT IDS system uses the PCRE Engine for regular expression matching on the payload. The software based PCRE Engine utilizes an NFA engine based on certain opcodes which are determined by the regular expression operators in a rule. Each rule in the SNORT ruleset is translated by PCRE compiler into an unique regular expression engine. Since the software based PCRE engine can match the payload with a single regular expression at a time, and needs to do so for multiple rules in the ruleset, the throughput of the SNORT IDS system dwindles as each packet is processed through a multitude of regular expressions. In this paper we detail our implementation of hardware based regular expression engines for the SNORT IDS by transforming the PCRE opcodes generated by the PCRE compiler from SNORT regular expression rules. Our compiler generates VHDL code corresponding to the opcodes generated for the SNORT regular expression rules. We have tuned our hardware implementation to utilize an NFA based regular expression engine, using greedy quantifiers, in much the same way as the software based PCRE engine. Our system implements a regular expression only once for each new rule in the SNORT ruleset, thus resulting in a fast system that scales well with new updates. We implement two hundred PCRE engines based on a plethora of SNORT IDS rules, and use a Virtex-4 LX200 FPGA, on the SGI RASC RC 100 Blade connected to the SGI ALTIX 4700 supercomputing system as a testbed. We obtain an interface through-put of (12.9 GBits/s) and also a maximum speedup of 353X over software based PCRE execution.