Fast text searching: allowing errors
Communications of the ACM
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
A fast string searching algorithm
Communications of the ACM
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
A fast string-matching algorithm for network processor-based intrusion detection system
ACM Transactions on Embedded Computing Systems (TECS)
Optimization of regular expression pattern matching circuits on FPGA
Proceedings of the conference on Design, automation and test in Europe: Designers' forum
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching
Proceedings of the 33rd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient memory utilization on network processors for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
The shunt: an FPGA-based accelerator for network intrusion prevention
Proceedings of the 2007 ACM/SIGDA 15th international symposium on Field programmable gate arrays
Rethinking hardware support for network analysis and intrusion prevention
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Synthesis of regular expressions targeting FPGAs: current status and open issues
ARC'07 Proceedings of the 3rd international conference on Reconfigurable computing: architectures, tools and applications
Fast and Scalable Pattern Matching for Network Intrusion Detection Systems
IEEE Journal on Selected Areas in Communications
Compact architecture for high-throughput regular expression matching on FPGA
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Acceleration of decision tree searching for IP traffic classification
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
A scalable multithreaded L7-filter design for multi-core servers
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
MultiLayer processing - an execution model for parallel stateful packet processing
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
CAFE: a configurable packet forwarding engine for data center networks
Proceedings of the 2nd ACM SIGCOMM workshop on Programmable routers for extensible services of tomorrow
A modular NFA architecture for regular expression matching
Proceedings of the 18th annual ACM/SIGDA international symposium on Field programmable gate arrays
Distributed intrusion detection with intelligent network interfaces for future networks
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Deterministic finite automata characterization and optimization for scalable pattern matching
ACM Transactions on Architecture and Code Optimization (TACO)
Software architecture for a lightweight payload signature-based traffic classification system
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
PeRex: A Power Efficient FPGA-based Architecture for Regular Expression Matching
GREENCOM '11 Proceedings of the 2011 IEEE/ACM International Conference on Green Computing and Communications
| Hi-index | 0.00 |
Deep Packet Inspection (DPI)has been widely adopted in detecting network threats such as intrusion, viruses and spam. It is challenging, however, to achieve high speed DPI due to the expanding rule sets and ever increasing line rates. A key issue is that the size of the finite automata falls beyond the capacity of on-chip memory thus incurring expensive off-chip accesses. In this paper we present DPICO a hardware based DPI engine that utilizes novel techniques to minimize the storage requirements for finite automata. The techniques proposed are modified content addressable memory (mCAM), interleaved memory banks, and data packing. The experiment results show the scalable performance of DPICO can achieve up to 17.7 Gbps throughput using a contemporary FPGA chip. Experiment data also show that a DPICO based accelerator can improve the pattern matching performance of a DPI server by up to 10 times.