A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems

Dimopoulos, Vassilis; Papaefstathiou, Ioannis; Pnevmatikatos, Dionisios

doi:10.1109/icsamos.2007.4285750

Cited by 25 publications

(10 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software DPIs (such as SNORT, Bro, and L7-filter) are detailed described in [29]. For a pattern matching algorithm used in DPI there are two categories: software (KMP [18], BM [20], AC [21] and WM [22]) and hardware (DFA [23], BF [24,25], and CAM). Pattern matching described in [26] is capable of operating at 8Gbps.…”

Section: B Payload Processing Design Of Netfpga-basedmentioning

confidence: 99%

The Development Status and Trend of NetFPGA

Cao

Zheng

Sun

2015

2015 International Conference on Network and Information Systems for Computers

View full text Add to dashboard Cite

In recent years, with the rapid development of the Internet, ever increasing traffic and link-bandwidths presented serious challenges for computer network-related research such as high-speed algorithm and development of high-performance network equipment. Of course, increasing complication in hardware, firewall filtering and Encryption technology, makes programmability getting more and more attention in switches, routers and other network devices. This paper introduces the development process of NetFPGA, makes a comprehensive summary in the study of high performance network, and describes its advantages in high-speed, parallel and real-time. We present a brief introduction to our current work simultaneously. Finally, the paper points out the NetFPGA development direction and trends in future work.

show abstract

Section: B Payload Processing Design Of Netfpga-basedmentioning

confidence: 99%

The Development Status and Trend of NetFPGA

Cao

Zheng

Sun

2015

2015 International Conference on Network and Information Systems for Computers

View full text Add to dashboard Cite

show abstract

“…There are practical difficulties and substantial overheads in implementing a large number of FSMs in hardware. Dimopoulos et al [2007] proposed to divide the 256 alphabets into frequent and infrequent characters based on their frequency counts in the signature set. A full state graph is constructed for frequent characters, where the transition rule table for infrequent characters is implemented using CAM.…”

Section: Related Work On State Graph Reductionmentioning

confidence: 99%

“…The hardware cost of bit-split FSM is obtained from Jung et al [2006]. The performance of CDFA is obtained from Song et al [2008], and the performance of split-AC is obtained from Dimopoulos et al [2007]. For the split-AC method, there can be trade-off between memory cost and control logic.…”

Section: Performance Evaluationmentioning

confidence: 99%

A memory-efficient pipelined implementation of the aho-corasick string-matching algorithm

Pao

Lin

Liu

2010

ACM Trans. Archit. Code Optim.

View full text Add to dashboard Cite

With rapid advancement in Internet technology and usages, some emerging applications in data communications and network security require matching of huge volume of data against large signature sets with thousands of strings in real time. In this article, we present a memory-efficient hardware implementation of the well-known Aho-Corasick (AC) string-matching algorithm using a pipelining approach called P-AC. An attractive feature of the AC algorithm is that it can solve the string-matching problem in time linearly proportional to the length of the input stream, and the computation time is independent of the number of strings in the signature set. A major disadvantage of the AC algorithm is the high memory cost required to store the transition rules of the underlying deterministic finite automaton. By incorporating pipelined processing, the state graph is reduced to a character trie that only contains forward edges. Together with an intelligent implementation of look-up tables, the memory cost of P-AC is only about 18 bits per character for a signature set containing 6,166 strings extracted from Snort. The control structure of P-AC is simple and elegant. The cost of the control logic is very low. With the availability of dual-port memories in FPGA devices, we can double the system throughput by duplicating the control logic such that the system can process two data streams concurrently. Since our method is memory-based, incremental changes to the signature set can be accommodated by updating the look-up tables without reconfiguring the FPGA circuitry. ACM Reference Format:Pao, D., Lin, W., and Liu, B. 2010. A memory-efficient pipelined implementation of the aho-corasick string-matching algorithm. ACM Trans.

show abstract

“…This algorithm is for searching strings which is used in [6] and [7]. In [7] a novel algorithm is proposed which results in reducing memory requirement.…”

Section: Aho-corasick Algorithmmentioning

confidence: 99%

Real time implementation of intrusion detection system with reconfigurable architecture

Moghaddam

2012

2012 IEEE Conference on Open Systems

View full text Add to dashboard Cite

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations of computer security policies, or standard security practices. Intrusion detection system identifies possible incidents, logs information and provides report about them. In this article a real time intrusion detection system using SNORT rules and KMP algorithm is implemented in reconfigurable hardware. The parallel structure of this architecture let us to achieve a high real time performance at rate 100Mbps as it is shown by simulation and synthesis results on VIRTEX4.

show abstract

A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems

Cited by 25 publications

References 17 publications

The Development Status and Trend of NetFPGA

The Development Status and Trend of NetFPGA

A memory-efficient pipelined implementation of the aho-corasick string-matching algorithm

Real time implementation of intrusion detection system with reconfigurable architecture

Contact Info

Product

Resources

About