Fast text searching: allowing errors
Communications of the ACM
Efficient Hardware Hashing Functions for High Performance Computers
IEEE Transactions on Computers
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Gigabit Rate Packet Pattern-Matching Using TCAM
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Configurable string matching hardware for speeding up intrusion detection
ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
A pattern matching coprocessor for network security
Proceedings of the 42nd annual Design Automation Conference
Bit-split string-matching engines for intrusion detection and prevention
ACM Transactions on Architecture and Code Optimization (TACO)
Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs
IEEE Transactions on Dependable and Secure Computing
A TCAM-based distributed parallel IP lookup scheme and performance analysis
IEEE/ACM Transactions on Networking (TON)
Efficient packet classification using TCAMs
Computer Networks: The International Journal of Computer and Telecommunications Networking
A Robust Approach for Matching Mixed Casesensitive and Case-insensitive Patterns
ICNS '07 Proceedings of the Third International Conference on Networking and Services
High Speed Pattern Matching for Network IDS/IPS
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
Scalable multigigabit pattern matching for packet inspection
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Pipelined Architecture for Multi-String Matching
IEEE Computer Architecture Letters
Performance of FPGA implementation of bit-split architecture for intrusion detection systems
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
A computationally efficient engine for flexible intrusion detection
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
String Searching Engine for Virus Scanning
IEEE Transactions on Computers
Fast and Scalable Pattern Matching for Network Intrusion Detection Systems
IEEE Journal on Selected Areas in Communications
A Memory-Efficient Parallel String Matching Architecture for High-Speed Intrusion Detection
IEEE Journal on Selected Areas in Communications
An efficient multicharacter transition string-matching engine based on the aho-corasick algorithm
ACM Transactions on Architecture and Code Optimization (TACO)
| Hi-index | 0.00 |
With rapid advancement in Internet technology and usages, some emerging applications in data communications and network security require matching of huge volume of data against large signature sets with thousands of strings in real time. In this article, we present a memory-efficient hardware implementation of the well-known Aho-Corasick (AC) string-matching algorithm using a pipelining approach called P-AC. An attractive feature of the AC algorithm is that it can solve the string-matching problem in time linearly proportional to the length of the input stream, and the computation time is independent of the number of strings in the signature set. A major disadvantage of the AC algorithm is the high memory cost required to store the transition rules of the underlying deterministic finite automaton. By incorporating pipelined processing, the state graph is reduced to a character trie that only contains forward edges. Together with an intelligent implementation of look-up tables, the memory cost of P-AC is only about 18 bits per character for a signature set containing 6,166 strings extracted from Snort. The control structure of P-AC is simple and elegant. The cost of the control logic is very low. With the availability of dual-port memories in FPGA devices, we can double the system throughput by duplicating the control logic such that the system can process two data streams concurrently. Since our method is memory-based, incremental changes to the signature set can be accommodated by updating the look-up tables without reconfiguring the FPGA circuitry.