A Memory-Efficient Two-Stage String Matching Engine Using both Content-Addressable Memory and Bit-split String Matchers for Deep Packet Inspection

Development of a Two-Stage String Matching Engine for DPI Using CAM and Bit-Split String Matchers

  • Kim, HyunJin (School of EEE, Dankook University)
  • Choi, Kang-Il (Smart Node Platform Lab., Electronics and Telecommunications Research Institute)
  • Received : 2014.02.04
  • Accepted : 2014.07.15
  • Published : 2014.07.31

Abstract

This paper proposes an architecture for a two-stage string matching engine that uses content-addressable memory (CAM) and parallel bit-split string matchers for deep packet inspection (DPI). Each long signature is divided into subpatterns of the same length, and the subpatterns are mapped onto the CAM in the first stage. The long pattern is matched in the second stage using the sequence of matching indexes from the CAM. By adopting CAM and bit-split string matchers, the memory requirements can be greatly reduced in heterogeneous string matching environments.

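This paper proposes the structure of a two-stage string matching engine for DPI (deep packet inspection) that uses CAM (content-addressable memory) and parallel bit-split string matchers. Each long target pattern is cut into subpatterns of the same length, and each subpattern is mapped onto the CAM in the first stage. Whether the long pattern is matched is determined in the second stage using the sequence of matching indexes from the CAM. By using CAM and bit-split string matchers, the memory requirement can be greatly reduced when heterogeneous memories are used.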
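
The two-stage flow described in the abstract, modelled in software as an added example (not code from the paper): a dict stands in for the CAM, and a plain comparison of index sequences stands in for the bit-split string matchers of the second stage. The subpattern length `K = 4`, the overlapping final chunk for signatures whose length is not a multiple of `K`, all function names, and the sample signatures and payload are assumptions made for the illustration.

```python
K = 4  # subpattern length (assumed; the abstract gives no value)
SIGNATURES = [b"GET /admin/login", b"GET /admin/setup", b"XYZZYPLUGH"]  # constructed
PAYLOAD = b"xxGET /admin/setup HTTP/1.1 XYZZYPLUGH GET /admin/logout"   # constructed


def split_signature(sig, k=K):
    """Cut a signature into k-byte subpatterns, returned as (offset, chunk) pairs.
    A tail shorter than k is covered by one overlapping final chunk (assumption)."""
    if len(sig) < k:
        raise ValueError("signature shorter than subpattern length")
    offsets = list(range(0, len(sig) - k + 1, k))
    if offsets[-1] + k < len(sig):
        offsets.append(len(sig) - k)
    return [(off, sig[off:off + k]) for off in offsets]


def build_engine(signatures, k=K):
    """Build the stage 1 table (dict emulating the CAM) and stage 2 index sequences."""
    cam = {}        # subpattern -> CAM index; a shared subpattern is stored once
    sequences = {}  # signature -> [(offset, CAM index), ...]
    for sig in signatures:
        sequences[sig] = [(off, cam.setdefault(chunk, len(cam)))
                          for off, chunk in split_signature(sig, k)]
    return cam, sequences


def scan(payload, cam, sequences, k=K):
    """Return sorted (start, signature) pairs for every signature found in payload."""
    # Stage 1: one CAM lookup per byte position yields a stream of matching indexes.
    stream = [cam.get(payload[i:i + k]) for i in range(len(payload) - k + 1)]
    hits = []
    # Stage 2: a signature matches at `start` only if every one of its CAM indexes
    # appears in the stream at the expected offset from `start`.
    for sig, seq in sequences.items():
        for start in range(len(payload) - len(sig) + 1):
            if all(stream[start + off] == idx for off, idx in seq):
                hits.append((start, sig))
    return sorted(hits)


if __name__ == "__main__":
    cam, sequences = build_engine(SIGNATURES)
    print(len(cam), "CAM entries for",
          sum(len(s) for s in sequences.values()), "subpatterns")
    print(scan(PAYLOAD, cam, sequences))
```

In the sample, the two `/admin` signatures share two subpatterns, so 11 subpatterns occupy 9 CAM entries; the trailing `GET /admin/logout` hits three first-stage entries but is rejected in the second stage.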
