Yi-Gang Tai scite author profile

Yi-Gang Tai

Sign up to set email alerts

|

11Publications

36Citation Statements Received

38Citation Statements Given

How they've been cited

How they cite others

Affiliations

The University of Texas at San Antonio

Publications

Order By: Most citations

Accelerating Matrix Operations with Improved Deeply Pipelined Vector Reduction

¹

,

²

,

³

2012

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

Synthesizing Tiled Matrix Decomposition on FPGAs

¹

,

²

,

³

2011

View full text Add to dashboard Cite

Hardware implementation for network intrusion detection rules with regular expression support

¹

,

²

,

³

2008

View full text Add to dashboard Cite

Signature-based network intrusion detection systems (NIDSs), such as Snort and Bro, rely on a rule database that describes traffic patterns for known attacks. They examine each packets flowing through a network segment and report suspicious packets to assure security. An attack signature may be represented in terms of fields in a packet such as source/destination IP addresses, source/destination ports, protocols, specific contents in payload, etc. Typically, a Perl Compatible Regular Expression (PCRE) is used to describe a specific content in the payload which may identify an attack. Our study shows that over 60% of the execution time in an NIDS is found to perform string comparisons against a signature database of over 5,950 tokens and over 1,763 PCREs. This paper proposes to extend a bit-parallel algorithm to support multi-byte processing and PCRE. This design takes a segment of bytes from the payload of a packet and detects all possible tokens including those crossing text segment boundaries. A tool is designed to generate VHDL code from a rule set automatically. Performance results are reported.

Scalable matrix decompositions with multiple cores on FPGAs

¹

,

²

,

³

2013

Microprocessors and Microsystems

View full text Add to dashboard Cite

Space Optimization on Counters for FPGA-Based Perl Compatible Regular Expressions

¹

,

²

2009

ACM Trans. Reconfigurable Technol. Syst.

View full text Add to dashboard Cite

With their expressiveness and simplicity, Perl compatible regular expressions (PCREs) have been adopted in mainstream signature based network intrusion detection systems (NIDSs) to describe known attack signatures, especially for polymorphic worms. NIDSs rely on an underlying string matching engine that simulates PCREs to inspect each network packet. PCRE is a superset of traditional regular expressions, and provides advanced features. However, this pattern matching becomes a performance bottleneck of software-based NIDSs, causing a big portion of their execution time to be dedicated to payload inspection, which results in an unacceptable packet drop rate. The penetration of these unexamined packets creates a security hole in such systems. Over the past decade, hardware acceleration for the pattern matching has been studied extensively and a marginal performance has been achieved. Among hardware approaches, FPGA-based acceleration engines provide great flexibility because new signatures can be compiled and programmed into their reconfigurable architecture. As more and more malicious signatures are discovered, it becomes harder to map a complete set of malicious signatures specified in PCREs to an FPGA chip. One of the space consuming components is the counter used in the constrained repetitions for PCREs. Therefore, we propose a space efficient SelectRAM counter for PCREs that use counting. The design takes advantage of the basic components contained in a configurable logic block, and thus optimizes space usage. A set of basic PCRE blocks has been built in hardware to implement PCREs. Experimental results show that the proposed scheme outperforms existing designs by at least fivefold.

Super fast hardware string matching

¹

,

²

,

³

et al. 2006

View full text Add to dashboard Cite

Applying Out-of-Core QR Decomposition Algorithms on FPGA-Based Systems

¹

,

²

,

³

2007

View full text Add to dashboard Cite

Multiple data set reduction on FPGAs

¹

,

²

,

³

2010

View full text Add to dashboard Cite

12

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Copyright © 2024 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.