Design and Implementation of High-Speed Pattern Matcher in Network Intrusion Detection System  

Yoon, Yeo-Chan (CAD & ES Lab, Department of Electronic Engineering, Sogang University)
Hwang, Sun-Young (CAD & ES Lab, Department of Electronic Engineering, Sogang University)
Abstract
This paper proposes a high-speed pattern matching algorithm and its implementation. The pattern matcher checks real-time input packets for patterns. The proposed algorithm can find exact strings, ranges of string values, and combinations of string values in input packets at high speed. The given strings and rule set are modelled as a state transition graph that can find overlapping strings simultaneously, and the state transition graph is partitioned according to input implicants to reduce implementation complexity. The pattern matcher takes the transformed state transition graph and the input packet as its inputs. The pattern matcher was modelled and implemented in VHDL. Experimental results show the propriety of the proposed approach.
Keywords
NIDS; Pattern Matching; STG; RAM; FPGA;