A pattern-matching scheme with high throughput performance and low memory requirement

Authors:
Tsern-Huei Lee;Nai-Lun Huang
Affiliations:
Institute of Communication Engineering, National Chiao Tung University, Hsinchu, Taiwan;Institute of Communication Engineering, National Chiao Tung University, Hsinchu, Taiwan
Venue:
IEEE/ACM Transactions on Networking (TON)
Year:
2013

Citing 13
Cited 0

A fast string searching algorithm

Communications of the ACM
Efficient string matching: an aid to bibliographic search

Communications of the ACM
Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Longest prefix matching using bloom filters

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Implementation Results of Bloom Filters for String Matching

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
A High Throughput String Matching Architecture for Intrusion Detection and Prevention

Proceedings of the 32nd annual international symposium on Computer Architecture
Fast and scalable pattern matching for content filtering

Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Longest prefix matching using bloom filters

IEEE/ACM Transactions on Networking (TON)
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro
High performance dictionary-based string matching for deep packet inspection

INFOCOM'10 Proceedings of the 29th conference on Information communications
SPC-FA: synergic parallel compact finite automaton to accelerate multi-string matching with low memory

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Fast and Scalable Pattern Matching for Network Intrusion Detection Systems

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Pattern-matching techniques have recently been applied to network security applications such as intrusion detection, virus protection, and spam filters. The widely used Aho-Corasick (AC) algorithm can simultaneously match multiple patterns while providing a worst-case performance guarantee. However, as transmission technologies improve, the AC algorithm cannot keep up with transmission speeds in high-speed networks. Moreover, it may require a huge amount of space to store a two-dimensional state transition table when the total length of patterns is large. In this paper, we present a pattern-matching architecture consisting of a stateful pre-filter and an AC-based verification engine. The stateful pre-filter is optimal in the sense that it is equivalent to utilizing all previous query results. In addition, the filter can be easily realized with bitmaps and simple bitwise-AND and shift operations. The size of the two-dimensional state transition table in our proposed architecture is proportional to the number of patterns, as opposed to the total length of patterns in previous designs. Our proposed architecture achieves a significant improvement in both throughput performance and memory usage.