Range hash for regular expression pre-filtering

Authors:
Masanori Bando;N. Sertac Artan;Rihua Wei;Xiangyi Guo;H. Jonathan Chao
Affiliations:
Polytechnic Institute of New York University, Brooklyn, NY;Polytechnic Institute of New York University, Brooklyn, NY;Polytechnic Institute of New York University, Brooklyn, NY;Polytechnic Institute of New York University, Brooklyn, NY;Polytechnic Institute of New York University, Brooklyn, NY
Venue:
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Year:
2010

Citing 24
Cited 1

High-speed policy-based packet forwarding using efficient multi-dimensional range matching

Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Classifying Packets with Hierarchical Intelligent Cuttings

IEEE Micro
Universal classes of hash functions (Extended Abstract)

STOC '77 Proceedings of the ninth annual ACM symposium on Theory of computing
Packet classification using multidimensional cutting

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Gigabit Rate Packet Pattern-Matching Using TCAM

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Scalable packet classification

IEEE/ACM Transactions on Networking (TON)
Bit-split string-matching engines for intrusion detection and prevention

ACM Transactions on Architecture and Code Optimization (TACO)
Algorithms to accelerate multiple regular expressions matching for deep packet inspection

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Advanced algorithms for fast and scalable deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Compiling PCRE to FPGA for accelerating SNORT IDS

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
An improved algorithm to accelerate regular expression evaluation

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Deep network packet filter design for reconfigurable devices

ACM Transactions on Embedded Computing Systems (TECS)
A hybrid finite automaton for practical deep packet inspection

CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Scalable multigigabit pattern matching for packet inspection

IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro
An improved DFA for fast regular expression matching

ACM SIGCOMM Computer Communication Review
Efficient regular expression evaluation: theory to practice

Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Extending finite automata to efficiently match Perl-compatible regular expressions

CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
LaFA: lookahead finite automata for scalable regular expression detection

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
LaFA: lookahead finite automata for scalable regular expression detection

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Designing a Programmable Wire-Speed Regular-Expression Matching Accelerator

MICRO-45 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, major Internet carriers and vendors successfully tested high-speed backbone networks at 100-Gbps line speed to support rapid growth of the Internet traffic demands. In addition, traffic is getting more concentrated to points such as data centers, and demand for protecting such high-speed networks from attack traffic is increasing. Deep Packet Inspection (DPI) with Regular Expression (RegEx) detection is the de facto defense mechanism agains network intrusions. However, current RegEx detection systems cannot keep up with the upcoming high-speed line rate. The RegExes consist of three types of components, exact strings, character classes (CC), and repetitions. Exact string and repetition matching have been widely studied by RegEx research community for better performance. Yet, although more than 55% of RegExes in Snort signature set contain at least one CC, hardware based solutions that focus on CC detection is limited. In this paper we propose a new CC detection architecture called Range Hash that is suitable for high-speed, compact CC detection. Additionally, we propose a practical application of the Range Hash architecture where it can be used as a pre-filter for a Regular Expression detection system to increase overall RegEx detection performance. Based on our hardware prototype design which runs at 250MHz, Range Hash can reach to 100-Gbps CC detection throughput with today's FPGA chips.