http://dx.doi.org/10.7840/kics.2014.39B.7.433

A Memory-Efficient Two-Stage String Matching Engine Using both Content-Addressable Memory and Bit-split String Matchers for Deep Packet Inspection  

Kim, HyunJin (School of EEE, Dankook University)
Choi, Kang-Il (Smart Node Platform Lab., Electronics and Telecommunications Research Institute)
Abstract
This paper proposes a two-stage string matching engine architecture that uses content-addressable memory (CAM) and parallel bit-split string matchers for deep packet inspection (DPI). Each long signature is divided into subpatterns of the same length, and the subpatterns are mapped onto the CAM in the first stage. The long pattern is matched in the second stage using the sequence of matching indexes from the CAM. By adopting CAM and bit-split string matchers, the memory requirements can be greatly reduced in heterogeneous string matching environments.
Keywords
Aho-Corasick algorithm; Content-addressable memory; Deep packet inspection; Pattern mapping; String matching engine
Citations & Related Records
Times Cited By KSCI: 3