A Memory-Efficient and Modular Approach for Large-Scale String Pattern Matching

Le, Hoang; Prasanna, Viktor K.

doi:10.1109/tc.2012.38

Cited by 37 publications

(18 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are 7 DDR3 interfaces on the selected FPGA with a 64 bit data width each, which allows for a single offchip EMU with a 208 bit parallel look-up. We assume that the on-chip EMU implementation is carried out with a 13 stage pipeline for the look up of 24 Byte strings as described in [28]. The reported resource consumption for one on-chip EMU (implemented on an FPGA that is compatible with ours) with a clock frequency of 200 Mhz is 18400 LUTs and 2.47 Mbits of memory.…”

Section: Hardware Resource Requirement Analysis With Fpga Implementationmentioning

confidence: 99%

A Fast and Accurate Hardware String Matching Module with Bloom Filters

Zengin

Schmidt

2016

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

Many fields of computing such as Deep Packet Inspection (DPI) employ string matching modules (SMM) that search for a given set of positive strings in their input. An SMM is expected to produce correct outcomes while scanning the input data at high rates. Furthermore the string sets that are searched for are usually large and their sizes increase steadily. Bloom Filters (BFs) are hashing data structures which are fast but their false positive results require further processing. That is, their speed can be exploited for Standard Bloom Filter SMMs (SBFs) as long as the positive probability is low. Multiple BFs in parallel can further increase the throughput. In this paper, we propose the Double Bloom Filter SMM (DBF) which achieves a higher throughput than the SBF and maintains a high throughput even for large positive probabilities. The second Bloom Filter of DBF stores a small enough subset of the positive strings such that its false positive probability is approximately zero. We develop an analytical model of the DBF and show that the throughput advantage of DBF over SBF becomes more prominent if the positive probability and the fraction of matches in the second Bloom Filter increase. Accordingly, we propose a heuristic algorithm that stores the strings that are more frequently matched in the second Bloom Filter according to localities identified in the input. Our numerical results are obtained using realistic values from an FPGA implementation and are validated by SystemC simulations.Index Terms-Bloom filter, string matching, deep packet inspection, field programmable gate array (FPGA) ! • S. Zengin is with the Defense

show abstract

Section: Hardware Resource Requirement Analysis With Fpga Implementationmentioning

confidence: 99%

A Fast and Accurate Hardware String Matching Module with Bloom Filters

Zengin

Schmidt

2016

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

show abstract

“…The approaches to acceleration involve designing efficient pattern-matching algorithms [33,217] , leveraging hardware implementation [40,179,193,202], and program parallelization [222]. The interest in this issue persists in the research community of intrusion detection even until recently [146,171,178,187,270]. Many existing solutions can accelerate the matching with flexible patterns such as regular expressions, achieving a linear time complexity even in the worst case.…”

Section: Detection Methodologiesmentioning

confidence: 99%

Security configuration management in intrusion detection and prevention systems

Alsubhi

Alhazmi

Bouabdallah

et al. 2012

IJSN

View full text Add to dashboard Cite

Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. IDPSs can be network or host-based and can collaborate in order to provide better detection of malicious traffic. Although several IDPS systems have been proposed, their appropriate configuration and control for effective detection/prevention of attacks and efficient resource consumption is still far from trivial.Another concern is related to the slowing down of system performance when maximum security is applied, hence the need to trade off between security enforcement levels and the performance and usability of an enterprise information system.In this dissertation, we present a security management framework for the configuration and control of the security enforcement mechanisms of an enterprise information system. The approach leverages the dynamic adaptation of security measures based on the assessment of system vulnerability and threat prediction, and provides several levels of attack containment. Furthermore, we study the impact of security enforcement levels on the performance and usability of an enterprise information system. In particular, we analyze the impact of an IDPS configuration on the resulting security of the network, and on the network performance. We also analyze the performance of the IDPS for different configurations and under different traffic characteristics. The analysis can then be used to predict the impact of a given security configuration on the prediction of the impact on network performance.iii Acknowledgements All praise is due to Allah who guided me through out this research and beyond.My deepest gratitude is to my advisor, Prof. Raouf Boutaba, for his guidance, support, patience, and encouragement. I have been amazingly fortunate to have an advisor who gave me the freedom to explore on my own, and at the same time the guidance to recover when my steps faltered. He was always available, professional, and friendly. I have learned from him to think differently, be optimistic, and be self motivated. This work would have not been done without his advice and valuable comments.

show abstract

“…The architecture can be easily extended to support multicharacter inputs per clock cycle through mapping a compressed AC-DFA [21] onto multiple pipelines.…”

Section: Matchingmentioning

confidence: 99%

Network intrusion detection using hardware techniques: A review

Abdulhammed

Faezipour

Elleithy

2016

2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT)

View full text Add to dashboard Cite

-The increasing amount of network throughput and security threat makes intrusion detection a major research problem. In the literature, intrusion detection has been approached by either a hardware or software technique. This paper reviews and compares hardware based techniques that are commonly used in intrusion detection systems with a special emphasis on modern hardware platforms such as FPGA, GPU, many-core processors and ASIC. It also provides a detailed comparison between these hardware solution platforms. Our approach to classify modern hardware-based Intrusion Detection System (IDS) techniques is based on the detection approach. In addition, we provide a comparison between the classified detection approaches based on essential criteria such as definition, update process, detection ability, features of the system, and implementation requirements. Finally, a classification tree of hardware-based NIDS platforms is given.

show abstract

A Memory-Efficient and Modular Approach for Large-Scale String Pattern Matching

Cited by 37 publications

References 13 publications

A Fast and Accurate Hardware String Matching Module with Bloom Filters

A Fast and Accurate Hardware String Matching Module with Bloom Filters

Security configuration management in intrusion detection and prevention systems

Network intrusion detection using hardware techniques: A review

Contact Info

Product

Resources

About