Multilevel Pattern Matching Architecture for Network Intrusion Detection and Prevention System

Authors:
Tian Song;Zhizhong Tang;Dongsheng Wang
Affiliations:
Department of Computer Science and Technology, Tsinghua University, Beijing, P.R. China;Department of Computer Science and Technology, Tsinghua University, Beijing, P.R. China;Department of Computer Science and Technology, Tsinghua University, Beijing, P.R. China
Venue:
ICESS '07 Proceedings of the 3rd international conference on Embedded Software and Systems
Year:
2007

Citing 12
Cited 0

A fast string searching algorithm

Communications of the ACM
Efficient string matching: an aid to bibliographic search

Communications of the ACM
Fast Content-Based Packet Handling for Intrusion Detection

Fast Content-Based Packet Handling for Intrusion Detection
Implementation of a Content-Scanning Module for an Internet Firewall

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Deep Packet Filter with Dedicated Logic and Read Only Memories

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Scalable Pattern Matching for High Speed Networks

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Fast Regular Expression Matching Using FPGAs

FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A High Throughput String Matching Architecture for Intrusion Detection and Prevention

Proceedings of the 32nd annual international symposium on Computer Architecture
High-throughput linked-pattern matching for intrusion detection systems

Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Alphabet Based Selected Character Decoding for Area Efficient Pattern Matching Architecture on FPGAs

ICESS '05 Proceedings of the Second International Conference on Embedded Software and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Pattern matching is one of the most performance critical components in network intrusion detection and prevention system, which needs to be accelerated by carefully designed architectures. In this paper, we present a highly parameterized multilevel pattern matching architecture (MPM), which is implemented on FPGA by exploiting redundant resources among patterns for less chip area. In practice, MPM can be partitioned to several pipelines for high frequency. This paper also presents a pattern set compiler that can generate RTL codes of MPM with the given pattern set and predefined parameters. One MPM architecture is generated by our compiler based on Snort rules on Xilinx FPGA. The results show that MPM can achieve 4.3Gbps throughput with only 0.22 slices per character, about one half chip area than the most area-efficient architecture in literature. MPM can be parameterized potential for more than 100 Gbps throughput.