Self-addressable memory-based FSM: a scalable intrusion detection engine

Authors:
Benfano Soewito;Lucas Vespa;Atul Mahaian;Ning Weng;Haibo Wang
Affiliations:
Southern Illinois University;Southern Illinois University;Southern Illinois University;Southern Illinois University;Southern Illinois University
Venue:
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Year:
2009

Citing 8
Cited 6

Efficient string matching: an aid to bibliographic search

Communications of the ACM
A String Matching Algorithm Fast on the Average

Proceedings of the 6th Colloquium, on Automata, Languages and Programming
Specialized Hardware for Deep Network Packet Filtering

FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Configurable string matching hardware for speeding up intrusion detection

ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
A High Throughput String Matching Architecture for Intrusion Detection and Prevention

Proceedings of the 32nd annual international symposium on Computer Architecture
A Parallel Automaton String Matching with Pre-Hashing and Root-Indexing Techniques for Content Filtering Coprocessor

ASAP '05 Proceedings of the 2005 IEEE International Conference on Application-Specific Systems, Architecture Processors
Packet pre-filtering for network intrusion detection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro

Theoretic analysis of finite automata for memory-based pattern matching

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Deterministic finite automata characterization and optimization for scalable pattern matching

ACM Transactions on Architecture and Code Optimization (TACO)
Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system

Computer Networks: The International Journal of Computer and Telecommunications Networking
String alignment pre-detection using unique subsequences for FPGA-based network intrusion detection

Computer Communications
Predictive pattern matching for scalable network intrusion detection

ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Deterministic finite automata characterization for memory-based pattern matching

ICICS'09 Proceedings of the 11th international conference on Information and Communications Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

One way to detect and thwart a network attack is to compare each incoming packet with predefined patterns, also called an attack pattern database, and raise an alert upon detecting a match. This article presents a novel pattern-matching engine that exploits a memory-based, programmable state machine to achieve deterministic processing rates that are independent of packet and pattern characteristics. Our engine is a self-addressable memory-based finite state machine (SAMFSM), whose current state coding exhibits all its possible next states. Moreover, it is fully reconfigurable in that new attack patterns can be updated easily. A methodology was developed to program the memory and logic. Specifically, we merge "non-equivalent" states by introducing "super characters" on their inputs to further enhance memory efficiency without adding labels. SAM-FSM is one of the most storage-efficient machines and reduces the memory requirement by 60 times. Experimental results are presented to demonstrate the validity of SAM-FSM.