This study focuses on optimizing regular expression pattern matching circuits on FPGA to improve the efficiency of network intrusion detection systems (NIDS). With the rise in network attacks, traditional software-based NIDS may become inadequate due to performance limitations. The research introduces a novel architecture that incorporates essential components to effectively minimize regular expression circuits, accommodating a large number of expressions while enhancing the detection speed. The empirical results demonstrate significant optimization of the circuits synthesized using Xilinx tools.
Optimization of Regular Expression Pattern Matching Circuits on FPGA
Authors: Cheng-Hung Lin, Chih-Tsun Huang, Chang-Ping Jiang, and Shih-Chieh Chang
Publisher: IEEE VLSI, 2007
Presenter: Pei-Hua Huang
Date: 2014/02/19
Introduction
• Regular expressions are widely used in network intrusion detection systems (NIDS) to represent attack patterns
• Due to the rapid increase in network attacks and data traffic, traditional software-only NIDS may be too slow for networking needs
• Many studies [1][2][3][4][5] have proposed hardware architectures for accelerating attack detection
• The main challenge of hardware implementation is fitting the large number of regular expressions onto FPGAs
Regular expressions for describing attacks
• In Snort, two types of regular expressions are used to describe attack patterns
• The first type defines exact string patterns such as "AhhhhMy Mouth Is Open."
• The second type contains meta-characters (^, $, |, *, ?), e.g. "^GET[^s]{432}"
Minimization of regular expression circuits
• Given m regular expressions, $R_1, R_2, \dots, R_m$, and assuming that all of them share a common infix sub-pattern $R_c$, the m regular expressions can be represented as $R_1^{pre} R_c R_1^{post}$, $R_2^{pre} R_c R_2^{post}$, …, and $R_m^{pre} R_c R_m^{post}$
• Two additional circuit blocks are inserted
• The switch module memorizes where the trigger signal comes from
• The DeMux (De-Multiplexer) guides the output of $R_c$ to the correct postfix circuit
Minimization of regular expression circuits
• The new architecture has two constraints
• Constraint 1: For the m regular expressions in Figure 4, $\{R_1^{pre} R_c R_1^{post}, R_2^{pre} R_c R_2^{post}, \dots, R_m^{pre} R_c R_m^{post}\}$, the prefix $R_j^{pre}$ cannot be null for $j \in 1 \dots m$
Pattern1: abcdefgh
Pattern2: defpq
• Constraint 2: For the m regular expressions in Figure 4, $\{R_1^{pre} R_c R_1^{post}, R_2^{pre} R_c R_2^{post}, \dots, R_m^{pre} R_c R_m^{post}\}$, $R_c$ cannot be shared if $R_j^{pre} \subset R_k^{pre} R_c$, $\forall k \neq j$, $k, j \in 1 \dots m$
Pattern1: abcdefgh
Pattern2: dedefpq
Regular expression module generator
• The sharing gain of a common sub-pattern is defined as the number of characters in the sub-pattern multiplied by the number of regular expressions that contain the sub-pattern
• For example, the three regular expressions "1Common1", "2Common2", and "3Common3" have the common sub-pattern "Common". The sharing gain of this common sub-pattern is 18 = 6 * 3
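The sharing gain and the two sharing constraints from the slides, worked through as an added example (not code from the paper or the presentation). It assumes exact-string patterns only, reads ⊂ in Constraint 2 as "is a substring of", and all function names are hypothetical.

```python
from itertools import permutations

def prefix_of(pattern, rc):
    """Text before the first occurrence of rc in pattern (the R_j^pre part)."""
    return pattern[:pattern.index(rc)]

def shareable(patterns, rc):
    """True if rc may be shared by all patterns under Constraints 1 and 2."""
    pres = [prefix_of(p, rc) for p in patterns]
    # Constraint 1: no pattern may start with the shared sub-pattern.
    if any(pre == "" for pre in pres):
        return False
    # Constraint 2 (assumed reading: "is a substring of"): no prefix R_j^pre
    # may occur inside another pattern's R_k^pre followed by R_c.
    return not any(pres[j] in pres[k] + rc
                   for j, k in permutations(range(len(pres)), 2))

def sharing_gain(patterns, rc):
    """Characters in rc multiplied by the number of patterns containing it."""
    return len(rc) * sum(rc in p for p in patterns)

def best_shared_subpattern(patterns, min_len=2):
    """Return (sub-pattern, gain) with the highest gain that passes both
    constraints for every pattern containing it, or None if there is none."""
    candidates = {p[i:j] for p in patterns
                  for i in range(len(p))
                  for j in range(i + min_len, len(p) + 1)}
    best = None
    for rc in sorted(candidates):          # sorted for a deterministic result
        holders = [p for p in patterns if rc in p]
        if len(holders) < 2 or not shareable(holders, rc):
            continue
        gain = sharing_gain(patterns, rc)
        if best is None or gain > best[1]:
            best = (rc, gain)
    return best

if __name__ == "__main__":
    # Patterns taken from the slides.
    print(best_shared_subpattern(["1Common1", "2Common2", "3Common3"]))
    print(shareable(["abcdefgh", "defpq"], "def"))    # Constraint 1 example
    print(shareable(["abcdefgh", "dedefpq"], "def"))  # Constraint 2 example
```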
Experimental results
• The regular expression patterns are taken from Snort and Trend Micro
• All circuits are synthesized by Xilinx ISE 7.1i, where the target FPGA is a Xilinx Virtex XCV2000E consisting of 19,200 slices