A Memory-Efficient Parallel String Matching Architecture for High-Speed Intrusion Detection

Authors:
Hongbin Lu;Kai Zheng;Bin Liu;Xin Zhang;Yunhao Liu
Affiliations:
Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing;-;-;-;-
Venue:
IEEE Journal on Selected Areas in Communications
Year:
2006

Citing 0
Cited 10

Hierarchical multi-pattern matching algorithm for network content inspection

Information Sciences: an International Journal
A Parallel Architecture for Stateful, High-Speed Intrusion Detection

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
High-performance multi-pattern matching structure in hardware network firewall

AIC'09 Proceedings of the 9th WSEAS international conference on Applied informatics and communications
Design of high-speed string matching based on servos' array

APPT'07 Proceedings of the 7th international conference on Advanced parallel processing technologies
Scalable NIDS via negative pattern matching and exclusive pattern matching

INFOCOM'10 Proceedings of the 29th conference on Information communications
A memory-efficient pipelined implementation of the aho-corasick string-matching algorithm

ACM Transactions on Architecture and Code Optimization (TACO)
Accelerating the bit-split string matching algorithm using Bloom filters

Computer Communications
Efficient pattern matching algorithm for memory architecture

IEEE Transactions on Very Large Scale Integration (VLSI) Systems
A Multi-dimensional Progressive Perfect Hashing for High-Speed String Matching

Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
String alignment pre-detection using unique subsequences for FPGA-based network intrusion detection

Computer Communications

Quantified Score

Hi-index	0.07

Visualization

Abstract

The ability to inspect both packet headers and payloads to identify attack signatures makes network intrusion detection system (NIDS) a promising approach to protect Internet systems. Since most of the known attacks can be represented with strings or combinations of multiple substrings, string matching is a key component, as well as the bottleneck in NIDS to address the requirement of constantly increasing capacity. We propose a memory-efficient multiple-character-approaching architecture consisting of multiple parallel deterministic finite automata (DFAs), called TDP-DFA. By employing efficient representations for the transition rules in each DFA, TDP-DFA significantly reduces the complexity. We also present a novel scheme to share the storage of transition rules among multiple DFAs, substantially decreasing the total storage cost, and avoiding the cost increase being proportional to the number of DFAs. We evaluate this design through theoretical analysis and comprehensive experiments. Results show that TDP-DFA is able to meet the critical requirement of OC-768 wirespeed processing, as well as constituting a promising way for scaling up to cope with throughput over 100 Gb/s in the future