Detail publikace

Hardware Accelerated Pattern Matching Based on Deterministic Finite Automata with Perfect Hashing

Originální název

Hardware Accelerated Pattern Matching Based on Deterministic Finite Automata with Perfect Hashing

Anglický název

Hardware Accelerated Pattern Matching Based on Deterministic Finite Automata with Perfect Hashing

Jazyk

en

Originální abstrakt

With the increased amount of data transferred by computer networks, the amount of the malicious traffic also increases and therefore it is necessary to protect networks by security systems such as firewalls and Intrusion Detection Systems (IDS) operating at multigigabit speeds. Pattern matching is the time critical operation of current IDS. This paper deals with the analysis of regular expressions used by modern IDS to describe malicious traffic. According to our analysis, more than 64 percent of regular expressions create Deterministic Finite Automaton (DFA) with less than 20 percent of saturation of the transition table which allows efficient implementation of pattern matching into FPGA platform. We propose architecture for fast pattern matching using perfect hashing suitable for implementation into FPGA platform. The memory requirements of presented architecture is closed to the theoretical minimum for sparse transition tables.

Anglický abstrakt

With the increased amount of data transferred by computer networks, the amount of the malicious traffic also increases and therefore it is necessary to protect networks by security systems such as firewalls and Intrusion Detection Systems (IDS) operating at multigigabit speeds. Pattern matching is the time critical operation of current IDS. This paper deals with the analysis of regular expressions used by modern IDS to describe malicious traffic. According to our analysis, more than 64 percent of regular expressions create Deterministic Finite Automaton (DFA) with less than 20 percent of saturation of the transition table which allows efficient implementation of pattern matching into FPGA platform. We propose architecture for fast pattern matching using perfect hashing suitable for implementation into FPGA platform. The memory requirements of presented architecture is closed to the theoretical minimum for sparse transition tables.

BibTex


@inproceedings{BUT35426,
  author="Jan {Kaštil} and Jan {Kořenek}",
  title="Hardware Accelerated Pattern Matching Based on Deterministic Finite Automata with Perfect Hashing",
  annote="With the increased amount of data transferred by
computer networks, the amount of the malicious traffic also
increases and therefore it is necessary to protect networks
by security systems such as firewalls and Intrusion Detection
Systems (IDS) operating at multigigabit speeds. Pattern matching
is the time critical operation of current IDS. This paper deals
with the analysis of regular expressions used by modern IDS
to describe malicious traffic. According to our analysis, more
than 64 percent of regular expressions create Deterministic Finite
Automaton (DFA) with less than 20 percent of saturation of
the transition table which allows efficient implementation of
pattern matching into FPGA platform. We propose architecture
for fast pattern matching using perfect hashing suitable for
implementation into FPGA platform. The memory requirements
of presented architecture is closed to the theoretical minimum
for sparse transition tables.",
  address="IEEE Computer Society",
  booktitle="Proceedings of the 13th IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems DDECS 2010",
  chapter="35426",
  edition="NEUVEDEN",
  howpublished="print",
  institution="IEEE Computer Society",
  year="2010",
  month="april",
  pages="149--152",
  publisher="IEEE Computer Society",
  type="conference paper"
}