Hierarchical multi-pattern matching algorithm for network content inspection
Information Sciences: an International Journal
A Parallel Architecture for Stateful, High-Speed Intrusion Detection
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
High-performance multi-pattern matching structure in hardware network firewall
AIC'09 Proceedings of the 9th WSEAS international conference on Applied informatics and communications
Design of high-speed string matching based on servos' array
APPT'07 Proceedings of the 7th international conference on Advanced parallel processing technologies
Scalable NIDS via negative pattern matching and exclusive pattern matching
INFOCOM'10 Proceedings of the 29th conference on Information communications
A memory-efficient pipelined implementation of the aho-corasick string-matching algorithm
ACM Transactions on Architecture and Code Optimization (TACO)
Accelerating the bit-split string matching algorithm using Bloom filters
Computer Communications
Efficient pattern matching algorithm for memory architecture
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
A Multi-dimensional Progressive Perfect Hashing for High-Speed String Matching
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
Hi-index | 0.07 |
The ability to inspect both packet headers and payloads to identify attack signatures makes network intrusion detection system (NIDS) a promising approach to protect Internet systems. Since most of the known attacks can be represented with strings or combinations of multiple substrings, string matching is a key component, as well as the bottleneck in NIDS to address the requirement of constantly increasing capacity. We propose a memory-efficient multiple-character-approaching architecture consisting of multiple parallel deterministic finite automata (DFAs), called TDP-DFA. By employing efficient representations for the transition rules in each DFA, TDP-DFA significantly reduces the complexity. We also present a novel scheme to share the storage of transition rules among multiple DFAs, substantially decreasing the total storage cost, and avoiding the cost increase being proportional to the number of DFAs. We evaluate this design through theoretical analysis and comprehensive experiments. Results show that TDP-DFA is able to meet the critical requirement of OC-768 wirespeed processing, as well as constituting a promising way for scaling up to cope with throughput over 100 Gb/s in the future