Memory-efficient pattern matching architectures using perfect hashing on graphic processing units

Lin, Cheng-Hung; Liu, Chen-Hsiung; Chang, Shih-Chieh; Hon, Wing-Kai

doi:10.1109/infcom.2012.6195575

Cited by 13 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The approaches to acceleration involve designing efficient pattern-matching algorithms [33,217] , leveraging hardware implementation [40,179,193,202], and program parallelization [222]. The interest in this issue persists in the research community of intrusion detection even until recently [146,171,178,187,270]. Many existing solutions can accelerate the matching with flexible patterns such as regular expressions, achieving a linear time complexity even in the worst case.…”

Section: Detection Methodologiesmentioning

confidence: 99%

Security configuration management in intrusion detection and prevention systems

Alsubhi

Alhazmi

Bouabdallah

et al. 2012

IJSN

View full text Add to dashboard Cite

Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. IDPSs can be network or host-based and can collaborate in order to provide better detection of malicious traffic. Although several IDPS systems have been proposed, their appropriate configuration and control for effective detection/prevention of attacks and efficient resource consumption is still far from trivial.Another concern is related to the slowing down of system performance when maximum security is applied, hence the need to trade off between security enforcement levels and the performance and usability of an enterprise information system.In this dissertation, we present a security management framework for the configuration and control of the security enforcement mechanisms of an enterprise information system. The approach leverages the dynamic adaptation of security measures based on the assessment of system vulnerability and threat prediction, and provides several levels of attack containment. Furthermore, we study the impact of security enforcement levels on the performance and usability of an enterprise information system. In particular, we analyze the impact of an IDPS configuration on the resulting security of the network, and on the network performance. We also analyze the performance of the IDPS for different configurations and under different traffic characteristics. The analysis can then be used to predict the impact of a given security configuration on the prediction of the impact on network performance.iii Acknowledgements All praise is due to Allah who guided me through out this research and beyond.My deepest gratitude is to my advisor, Prof. Raouf Boutaba, for his guidance, support, patience, and encouragement. I have been amazingly fortunate to have an advisor who gave me the freedom to explore on my own, and at the same time the guidance to recover when my steps faltered. He was always available, professional, and friendly. I have learned from him to think differently, be optimistic, and be self motivated. This work would have not been done without his advice and valuable comments.

show abstract

Section: Detection Methodologiesmentioning

confidence: 99%

Security configuration management in intrusion detection and prevention systems

Alsubhi

Alhazmi

Bouabdallah

et al. 2012

IJSN

View full text Add to dashboard Cite

show abstract

“…Then it shows big performance improvement over the original serial Aho-Corasick algorithm. They published the second paper [3] of improving the PFAC by introducing a hash function method.…”

Section: Related Workmentioning

confidence: 99%

“…However, the main drawback of the original Aho-Corasick algorithm, which is based on sequential processing logic is the performance. The solution for the issue about the performance was introduced by Lin et al [2] [3] by introducing a parallel version of the Aho-Corasick algorithm called Parallel Failure-less Aho-Corasick (PFAC) algorithm which runs on GPGPUs.…”

Section: Introductionmentioning

confidence: 99%

An optimized Parallel Failure-less Aho-Corasick algorithm for DNA sequence matching

Thambawita

Ragel

Elkaduwe

2016

2016 IEEE International Conference on Information and Automation for Sustainability (ICIAfS)

View full text Add to dashboard Cite

The Aho-Corasick algorithm is a multiple patterns searching algorithm running sequentially in various applications like network intrusion detection and bioinformatics for finding several input strings within a given large input string. The parallel version of the Aho-Corasick algorithm is called as Parallel Failure-less Aho-Corasick algorithm because it doesnt need failure links like in the original Aho-Corasick algorithm. In this research, we implemented an application specific parallel failureless Aho-Corasick algorithm on the general purpose graphic processing unit by applying several cache optimization techniques for matching DNA sequences. Our parallel Aho-Corasick algorithm shows better performance than the available parallel Aho-Corasick algorithm library due to its simplicity and optimized cache memory usage of graphic processing units for matching DNA sequences.keywords-Aho-Corasick, GPGPU, DNA sequence matching

show abstract

“…Lin proposed a memory-efficient patternmatching algorithm with FSM hardware design to reduce the memory requirement of Snort rule sets for inspecting packet contents against thousands of predefined malicious or suspicious patterns [3]. Furthermore, he proposed another memoryefficient architecture using perfect hashing to condense state transition tables without hash collisions [4]. The implemented architecture is on graphic processing units and tested using attack patterns from Snort system and input packets are from DEFCON.…”

mentioning

confidence: 99%

High-throughput ASIC design for e-mail and web intrusion detection

Chen

Hsiao

et al. 2015

IEICE Electron. Express

View full text Add to dashboard Cite

Abstract:The malicious attacks adversely affect every user over the Internet. This paper proposes an application-specific integrated circuit (ASIC) design with parallel exact matching (PEM) architecture to accelerate the Snort intrusion detection system (IDS). The PEM is half mesh architecture to compare the Snort rules in parallel. The ASIC named snort rule accelerator (SRA) focuses on the TCP protocol to detect the attacks of e-mail and web applications. As shown in post-layout simulation, the ASIC operated at 435 MHz to perform the needs of high speed with 13.9 Gbps system throughputs. So that it resolves the complexity of information security limitation to manage data received from the 10 Gbps core network.

show abstract

Memory-efficient pattern matching architectures using perfect hashing on graphic processing units

Cited by 13 publications

References 9 publications

Security configuration management in intrusion detection and prevention systems

Security configuration management in intrusion detection and prevention systems

An optimized Parallel Failure-less Aho-Corasick algorithm for DNA sequence matching

High-throughput ASIC design for e-mail and web intrusion detection

Contact Info

Product

Resources

About