IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Packet classification on multiple fields
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
A fast string searching algorithm
Communications of the ACM
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Scalable high-speed prefix matching
ACM Transactions on Computer Systems (TOCS)
Dynamic hardware plugins in an FPGA with partial run-time reconfiguration
Proceedings of the 39th annual Design Automation Conference
A String Matching Algorithm Fast on the Average
Proceedings of the 6th Colloquium, on Automata, Languages and Programming
Packet classification using multidimensional cutting
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Implementation of a Content-Scanning Module for an Internet Firewall
FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A fast string-matching algorithm for network processor-based intrusion detection system
ACM Transactions on Embedded Computing Systems (TECS)
Deep Packet Filter with Dedicated Logic and Read Only Memories
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Scalable Pattern Matching for High Speed Networks
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
FPGA Based Network Intrusion Detection using Content Addressable Memories
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Gigabit Rate Packet Pattern-Matching Using TCAM
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Configurable string matching hardware for speeding up intrusion detection
ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
Fast Regular Expression Matching Using FPGAs
FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A High Throughput String Matching Architecture for Intrusion Detection and Prevention
Proceedings of the 32nd annual international symposium on Computer Architecture
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching
Proceedings of the 33rd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)
An improved algorithm to accelerate regular expression evaluation
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Implementing high-speed string matching hardware for network intrusion detection systems
Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays
FPGA based string matching for network processing applications
Microprocessors & Microsystems
XFA: Faster Signature Matching with Extended Automata
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
One of the most promising techniques to detect and thwart a network attack in a network intrusion detection system is to compare each incoming packet with pre-defined attack patterns. This comparison can be performed by a pattern matching engine which has several key requirements including scalability to line rates of network traffic and easy updating of new attack patterns. Memory-based deterministic finite automata meet these requirements, however their storage requirement will grow exponentially with the number of patterns which makes it impractical for implementation. In this paper, we propose a customized memory-based pattern matching engine, whose storage requirement linearly increases with the number of patterns. The basic idea is to allocate one memory slot for each state instead of each edge of the deterministic finite automaton. To demonstrate this idea, we have developed two customized memory decoders. We evaluate them by comparing with a traditional approach in terms of programmability and resource requirements. We also examine their effectiveness for different optimized deterministic finite automata. Experimental results are presented to demonstrate the validity of our proposed approach.