Pattern matching acceleration for network intrusion detection systems

Authors:
Sunil Kim
Affiliations:
School of Information and Computer Engineering, Hongik University, Seoul, Korea
Venue:
SAMOS'05 Proceedings of the 5th international conference on Embedded Computer Systems: architectures, Modeling, and Simulation
Year:
2005

Citing 11
Cited 1

A new approach to text searching

SIGIR '89 Proceedings of the 12th annual international ACM SIGIR conference on Research and development in information retrieval
Efficient string matching: an aid to bibliographic search

Communications of the ACM
Granidt: Towards Gigabit Rate Network Intrusion Detection Technology

FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Specialized Hardware for Deep Network Packet Filtering

FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Assisting Network Intrusion Detection with Reconfigurable Hardware

FCCM '02 Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Implementation of a Content-Scanning Module for an Internet Firewall

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Generating realistic workloads for network intrusion detection systems

WOSP '04 Proceedings of the 4th international workshop on Software and performance
A fast string-matching algorithm for network processor-based intrusion detection system

ACM Transactions on Embedded Computing Systems (TECS)
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Fast Regular Expression Matching Using FPGAs

FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro

A high-throughput system architecture for deep packet filtering in network intrusion prevention

ARCS'06 Proceedings of the 19th international conference on Architecture of Computing Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Pattern matching is one of critical parts of Network Intrusion Detection Systems (NIDS). Pattern matching is computationally intensive. To handle an increasing number of attack signature patterns, a NIDS require a multi-pattern matching method that can meet the line-speed of packet transfer. The multi-pattern matching method should efficiently handle a large number of patterns with a wide range of pattern lengths and noncase-sensitive pattern matches. It should also be able to process multiple input characters in parallel. In this paper, we propose a multi-pattern matching hardware accelerator based on Shift-OR pattern matching algorithm. We evaluate the performance of the pattern matching accelerator under various assumptions. The performance evaluation shows that the pattern matching accelerator can be more than 80 times faster than the fastest software multi-pattern matching method used in Snort, a widely used open-source NIDS.