Programming Techniques: Regular expression search algorithm
Communications of the ACM
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Advanced algorithms for fast and scalable deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
The shunt: an FPGA-based accelerator for network intrusion prevention
Proceedings of the 2007 ACM/SIGDA 15th international symposium on Field programmable gate arrays
Internet forensics on the basis of evidence gathering with Peep attacks
Computer Standards & Interfaces
A user-oriented ontology-based approach for network intrusion detection
Computer Standards & Interfaces
Compiling PCRE to FPGA for accelerating SNORT IDS
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Gnort: High Performance Network Intrusion Detection Using Graphics Processors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Introduction to Automata Theory, Languages, and Computation
Introduction to Automata Theory, Languages, and Computation
Analysis of Computer and Communication Networks
Analysis of Computer and Communication Networks
Efficient regular expression evaluation: theory to practice
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Regular Expression Matching on Graphics Hardware for Intrusion Detection
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Packet scheduling for deep packet inspection on multi-core architectures
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
The case for hardware transactional memory in software packet processing
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
MIDeA: a multi-parallel intrusion detection architecture
Proceedings of the 18th ACM conference on Computer and communications security
E-AHRW: An Energy-Efficient Adaptive Hash Scheduler for Stream Processing on Multi-core Servers
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
Hi-index | 0.00 |
A key technique of network security inspection is by using the regular expression matching to locate the specific fingerprints of networking applications or attacks in the packet flows, and accordingly identify the underlying applications or attacks. However, due to the surge of various networking applications and attacks in recent years, even more fingerprints need to be investigated in this process, which leads to a high demand on a large memory space for regular expression matching. In addition, with the frequent upgrading of the network links nowadays, the network flow rate also increases dramatically. As a result, it demands the fast operation of regular expression matching accordingly with the enhanced throughput for network inspection. However, due to the limited space of the fast memory, the requirements on fast operations and large memory space are conflicting. On addressing this challenge, in this paper, we propose to use hybrid memory for regular expression matching. In specific, by investigating on the transition table state access probability through the Markov theory, it can be observed that there exist a number of states which are much more frequently accessed than others. Therefore, we devise a matching engine which is suitable for FPGA implementation with two-level memories, where the first-level memory uses the on-chip memory of FPGA to cache the frequently accessed state transitions, and the second-level memory, composed of slow and cheap DRAM, stores the whole state transitions. Furthermore, the L7-filter's regular expression patterns have been applied to obtain the state access probability, and different quantities of memory assignment approaches have also been investigated to evaluate the throughput.