Signature-based network intrusion detection systems (NIDSs) rely on an underlying string matching engine that inspects each network packet against a database of known malicious patterns. Traditional static pattern descriptions may not efficiently represent sophisticated attack signatures. Recently, most NIDSs have adopted regular expressions such as Perl-compatible regular expressions (PCREs) to describe an attack signature, especially for polymorphic worms. PCRE is a superset of traditional regular expressions, in which no counters are involved. However, this overloads software-based NIDSs, causing a large portion of their execution time to be dedicated to pattern matching. Over the past decade, hardware acceleration for pattern matching has been studied extensively and a marginal performance has been achieved. Among hardware approaches, FPGA-based acceleration engines provide great flexibility because new signatures can be compiled and programmed into their reconfigurable architecture. As more and more malicious signatures are discovered, it becomes harder to map a complete set of malicious signatures specified in PCREs to an FPGA chip. Even worse, the counters used in PCREs typically take a great deal of hardware resources. Therefore, we propose a space-efficient SelectRAM counter for PCREs that involve counting. The design takes advantage of components that consist of a configurable logic block, and thus optimizes space usage. A set of PCRE blocks has been built in hardware to implement PCREs used in Snort/Bro. Experimental results show that the proposed scheme outperforms existing designs by at least 5-fold. Performance results are reported in this paper.