Design and Implementation of High-Speed Pattern Matcher in Network Intrusion Detection System

  • 윤여찬 (CAD & ES Laboratory, Department of Electronic Engineering, Sogang University)
  • 황선영 (CAD & ES Laboratory, Department of Electronic Engineering, Sogang University)
  • Published: 2008.11.30

Abstract

This paper proposes a high-speed pattern matching algorithm and its implementation. The pattern matcher checks real-time input packets for patterns. The proposed algorithm can find exact strings, ranges of string values, and combinations of string values in an input packet at high speed. The given strings and rule set are modelled as a state transition graph that can find overlapping strings simultaneously, and the state transition graph is partitioned according to input implicants to reduce implementation complexity. The pattern matcher takes the transformed state transition graph and the input packet as its inputs. The pattern matcher was modelled and implemented in VHDL. Experimental results show the suitability of the proposed approach.

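This paper proposes a high-speed pattern matching algorithm and its architecture for network intrusion detection systems. The proposed algorithm inspects real-time input packets for specific patterns, searching for exact strings, ranges of string values, and combinations of string values. In this work, the input packet and the patterns are modelled as a state transition graph in order to find overlapping strings simultaneously, and the state transition graph is partitioned by input implicant to reduce implementation complexity. The proposed pattern matching architecture takes the state transition graph and the input string as its inputs. The proposed pattern matcher was modelled and implemented in VHDL, and the suitability of the proposed technique was verified through performance analysis.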
