Compiling PCRE to FPGA for accelerating SNORT IDS

Mitra, Abhishek; Najjar, Walid; Bhuyan, Laxmi N.

doi:10.1145/1323548.1323571

Cited by 136 publications

(96 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Figure 7 shows the various results for the clock rates reported against each design. Our ECD-NFA1RE design"s clock rate is about 22% higher than the next highest reported clock rate by [28], and about 78% higher than the least reported clock rate by [24] as seen in Figure 7. The throughput of the ECD-NFA design is also about 22% better than the next highest throughput reported by [28] and as seen in Figure 8.…”

Section: Discussionmentioning

confidence: 66%

“…The design in [23] memorizes the path that the trigger signal emanates from, based on specific constraints suitable for both exact string matching and complex regexp matching. A Perl Compatible Regular Expression (PCRE) compiler that converts regexps from the Snort ruleset into PCRE opcodes was implemented in [24]. The opcodes are instructions for the software based PCRE engine defined in a file called pcre_internal.h which is part of the PCRE Package.…”

Section: Related Workmentioning

confidence: 99%

“…The compiler translated the PCRE opcodes into VHSIC Hardware Description Language (VHDL) codes necessary for parallel implementation in the FPGA. Mitra et al [24] in their design used a wider input bus through an SRAM interface, which helped to increase the overall matching throughput. An automatic architectural optimisation approach was implemented by Yang et al [7] which spatially stack regexps matching circuits called REMs to form multiple character matching (MCMs) circuits.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

A Highly Compressible Regular Expression Matching Circuit for Network Intrusion Detection Systems: An ECD-NFA approach

Modi¹,

Tripp²

2016

IOSR

View full text Add to dashboard Cite

show abstract

Section: Discussionmentioning

confidence: 66%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Highly Compressible Regular Expression Matching Circuit for Network Intrusion Detection Systems: An ECD-NFA approach

Modi¹,

Tripp²

2016

IOSR

View full text Add to dashboard Cite

show abstract

“…To update them, the chip must be redesigned, which usually requires high production cost. Mitra et al [14], [17] implemented an NFA-based regular-expression engine on an SGI Altix 4700 workstation with FPGA support. The throughput of the NFA improved noticeably as a result of their study, whereas the compact memory requirement was maintained.…”

Section: Related Workmentioning

confidence: 99%

A Lightweight Software Model for Signature-Based Application-Level Traffic Classification System

Park

Yoon

Won

et al. 2014

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYInternet traffic classification is an essential step for stable service provision. The payload signature classifier is considered a reliable method for Internet traffic classification but is prohibitively computationally expensive for real-time handling of large amounts of traffic on high-speed networks. In this paper, we describe several design techniques to minimize the search space of traffic classification and improve the processing speed of the payload signature classifier. Our suggestions are (1) selective matching algorithms based on signature type, (2) signature reorganization using hierarchical structure and traffic locality, and (3) early packet sampling in flow. Each can be applied individually, or in any combination in sequence. The feasibility of our selections is proved via experimental evaluation on traffic traces of our campus and a commercial ISP. We observe 2 to 5 times improvement in processing speed against the untuned classification system and Snort Engine, while maintaining the same level of accuracy.

show abstract

“…Intel [12] [14], to improve the performance of DPI applications. In general, none of them can be proved to have good scalability with multi-cores.…”

Section: Related Workmentioning

confidence: 99%

High performance Deep Packet Inspection on multi-core platform

Wang

Morris

Wang

2009

2009 2nd IEEE International Conference on Broadband Network &Amp; Multimedia Technology

View full text Add to dashboard Cite

Deep Packet Inspection (DPI) provides the ability to perform Quality of Service (QoS) and Intrusion Detection on network packets. But since the explosive growth of Intrnet, performance and scalability issues have been raised due to the gap between network and end-system speeds. This article describles how a desirable DPI system with multi-gigabits throughput and good scalability should be like by exploiting parallelism on Network Interface Card, network stack and user applications. Connection-basedParallelism, Affinity-based Scheduling and Lock-free Data Structure are the main technologies introduced to alleviate the performance and scalability issues. A common DPI application L7-Filter is used as an example to illustrate the applicaiton level parallelism.

show abstract

Compiling PCRE to FPGA for accelerating SNORT IDS

Cited by 136 publications

References 16 publications

A Highly Compressible Regular Expression Matching Circuit for Network Intrusion Detection Systems: An ECD-NFA approach

A Highly Compressible Regular Expression Matching Circuit for Network Intrusion Detection Systems: An ECD-NFA approach

A Lightweight Software Model for Signature-Based Application-Level Traffic Classification System

High performance Deep Packet Inspection on multi-core platform

Contact Info

Product

Resources

About