Browse > Article
http://dx.doi.org/10.9708/jksci.2011.16.5.013

A Hardware Architecture of Regular Expression Pattern Matching for Deep Packet Inspection  

Yun, Sang-Kyun (Dept. of Computer and Telecommunication Engineering, Yonsei University)
Lee, Kyu-Hee (Dept. of Computer and Telecommunication Engineering, Yonsei University)
Publication Information
Journal of the Korea Society of Computer and Information / v.16, no.5, 2011 , pp. 13-22 More about this Journal
Abstract
Network Intrusion Detection Systems use regular expression to represent malicious packets and hardware-based pattern matching is required for fast deep packet inspection. Although hardware architectures for implementing constraint repetition operators such as {10} were recently proposed, they have some limitation. In this paper, we propose hardware architecture supporting constraint repetitions of general regular expression sub-patterns with lower logic complexity. The subpatterns supported by the proposed contraint repetition architecture include general regular expression patterns as well as a single character and fixed length patterns. With the proposed building block, we can implement more efficiently regular expression pattern matching hardwares.
Keywords
packet inspection; intrusion detection; pattern matching H/W; regular expression; NIDS;
Citations & Related Records
연도 인용수 순위
  • Reference
1 J. Bispo, I. Sourdis, J. Cardoso, and S. Vassiliadis, "Regular Expression Matching for Reconfigurable Packet Inspection," in IEEE Int'l Conf. on Field Programmable Techn.ology (FPT'06), pp. 119-126, 2006.
2 I. Sourdis, S. Vassiliadis, J. Bispo, and J. Cardoso, "Regular Expression Matching in Reconfigurable Hardware," Journal of Signal Processing Systems, vol. 51, pp. 99-121, 2008.   DOI   ScienceOn
3 R. Sidhu and V.K. Prasanna, "Fast Regular Expression Matching using FPGAs," in IEEE Symp. on Field- Programmable Custom Computing Machines (FCCM'01), pp. 227-238, 2001.
4 C.H. Lin, C.T. Huang, et al. "Optimization of regular expression pattern matching circuits on FPGA," in Proc. of Conference on Design, Automation and Test in Europe (DATE'06), pp. 12-17, 2006.
5 Z.K. Baker, H.J. Jung and V.K. Prasanna, "Regular expression software deceleration for intrusion detection systems," in Int'l Conf. on Field Programmable Logic and Applications (FPL'06) pp. 418-425, 2006.
6 B. C. Brodie, D. E. Taylor, and R. K. Cytron, "A scalable architecture for high-throughput regluar expression pattern matching," ACM SIGARCH Computer Architecture News, vol. 34, no. 2, pp. 191-202, 2006.   DOI   ScienceOn
7 Christopher R. Clark and D. E. Schimmel, "Scalable pattern matching for high speed networks," in IEEE Symp. on Field-Programmable Custom Computing Machines (FCCM'04), pp. 249-257, 2004.
8 B. L. Hutchings, R. Franklin, et al. "Assisting network intrusion detection with reconfigurable hardware," in IEEE Symp. on Field-Programmable Custom Computing Machines (FCCM'02), pp. 111-120, 2002.
9 J. Moscola, J. Lockwood, R. Loui, and M. Pachos, "Implementation of a content-scanning module for an Internet firewall," in IEEE Symp. on Field-Programmable Custom Computing Machines (FCCM'03), pp. 31-38, 2003.
10 I. Sourdis and D. Pnevmatikatos, "Pre-decoded CAMs for Efficient and High-Speed NIDS PatternMatching," in IEEE Symp. on Field-Programmable CustomComputingMachines (FCCM'04), pp. 258-267, 2004.
11 Snort Web Site, http://www.snort.org
12 Bro Intrusion Detection System, http://www.bro-ids.org
13 Bleeding Edges, http://bleedingedges.net/
14 J. Bispo, and J. Cardoso, "Synthesis of regular expressions for FPGAs," International Journal of Electronics, vol. 95, no. 7, pp. 685-704, 2008.   DOI   ScienceOn
15 J. Ho and G. Lemieux, "PERG: a scalable FPGAbased pattern-matching Engine with Consolidated Bloomier Filters," in IEEE Int'l Conf. on Field Programmable Technology(FPT'08), pp.73-80, 2008.
16 J. Ho and G. Lemieux, "PERG-Rx: a hardware pattern-matching engine supporting limited regular expressions," in proc. ACM/SIGDA Int'l. Symp. on Field programmable gate arrays (FPGA'09), pp. 257-260, 2009.