Range hash for regular expression pre-filtering

Bando, Masanori; Artan, N. Sertac; Wei, Rihua; Chao, H. Jonathan

doi:10.1145/1872007.1872032

Cited by 14 publications

(3 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some designs focus on plaintext signatures which allow for the use of hash tables for match verification [22,23]. Taking a similar pipeline approach but targeting regex, Bando [24] tackles the issues of effectively filtering regex signatures with low specificity but does not detail a solution for verifying filtered packets once identified.…”

Section: Related Workmentioning

confidence: 99%

Accelerating Regular-Expression Matching on FPGAs with High-Level Synthesis

Callanan

Kljucaric

George³

2021

International Workshop on OpenCL

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Accelerating Regular-Expression Matching on FPGAs with High-Level Synthesis

Callanan

Kljucaric

George³

2021

International Workshop on OpenCL

View full text Add to dashboard Cite

“…Another approach for IDS implementation in FPGA is the Finite State Machine (FSM) paradigm [19,20], which has different pros and cons with the Bloom Filter approach [21]. Additionally, in [22], an FPGA implementation of a Deep Packet Inspection architecture with Regular Expression Detection is shown. In [23], a parallel pattern matching architecture based on a compact reconfigurable filter and a coprocessor for FPGA is presented.…”

Section: Fpgas/asicsmentioning

confidence: 99%

A Bloom Filter-Based Monitoring Station for a Lawful Interception Platform

Santos

Hernández

Urueña

et al. 2014

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract. Lawful Interception (LI) is a fundamental tool in today's Police investigations.Therefore, it is important to make it as quickly and securely as possible as well as a reasonable cost per suspect. This makes traffic capture in aggregation links quite attractive, although this implies high wirespeeds which require the use of specific hardware-based architectures. This paper proposes a novel Bloom Filter-based monitoring station architecture for efficient packet capture in aggregation links. With said Bloom filter, we filter out most of the packets in the link and capture only those belonging to lawful interception wiretaps. Next, we present an FPGA-based implementation of said architecture and obtain the maximum capture rate achievable by injecting traffic through four parallel Gigabit Ethernet lines. Finally, we identify the limitations of our current design and suggest the possibility of further extending it to higher wirespeeds.

show abstract

“…Akamai, the biggest content provider handling around 20% of the total Internet traffic using 61,000 servers deployed worldwide, reports only less than 300 attacks in 24hours in average and so most of the traffic is legitimated. So, if we can filter out these benign packets and leave little suspicious packets for further precise verification, IDS with a throughput much less than the line rate can keep up with the traffic [10].…”

Section: Introductionmentioning

confidence: 99%

Exploring and Enhancing the Performance of Parallel IDS on Multi-core Processors

Jiang

Yang

Xie

2011

2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications

View full text Add to dashboard Cite

With the advancement of multi-core processor, it is highly desired to use parallel design to improve the IDS throughput in nowadays. However, existing parallel schemes often fail to achieve linear speedup in IDS. The throughput even deteriorates severely for some network traffics. Hence, exploring and addressing the problems have become one of the most urgent issues in parallel IDS. In this work, an IDS model adopting software pipeline is developed as the testbed of parallel performance evaluation. The contribution of this paper is twofold. First, we explore the performance of parallel IDS through substantive experiments and quantitative analyses. We find Heavy Rule Fingerprint (HRF) in the pre-filter, which has not been mentioned in previous papers as we know, causes severe performance deterioration mentioned in existing studies. The experiments illustrate that the time consumption on HRF in parallel system is at least 6-7 times longer than that in normal system. Second, we propose a new fingerprint extraction strategy to deal with HRF. Experimental results show that the throughput deterioration is resolved completely and the throughput is enhanced by 45% by integrating our proposed method into the testbed and with making use of DARPA evaluation dataset.

show abstract

Range hash for regular expression pre-filtering

Cited by 14 publications

References 41 publications

Accelerating Regular-Expression Matching on FPGAs with High-Level Synthesis

Accelerating Regular-Expression Matching on FPGAs with High-Level Synthesis

A Bloom Filter-Based Monitoring Station for a Lawful Interception Platform

Exploring and Enhancing the Performance of Parallel IDS on Multi-core Processors

Contact Info

Product

Resources

About