Abstract
Pattern matching for network intrusion detection/prevention demands exceptionally high throughput, along with recent updates to support new attack patterns. This paper describes a novel FPGA-based pattern matching architecture using a recent hashing algorithm called Cuckoo Hashing. The proposed architecture features on-the-fly pattern updates without reconfiguration, more efficient hardware utilization, and higher throughput. Through various algorithmic changes to Cuckoo Hashing, we can implement parallel pattern matching on SRAM-based FPGAs. Our system can accommodate the newest rule set of Snort, an open source Network Intrusion Detection/Prevention System, and achieves the highest utilization in terms of SRAM per character and Logic Cells per character, at 15.63 bits/character and 0.033 Logic Cells/character, respectively, on major Xilinx Virtex FPGA architectures. Compared to others, our design is more efficient than any other Xilinx FPGA architecture.
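As an added illustration (not code from the paper, and not its modified algorithm), the sketch below shows textbook two-table cuckoo hashing used as a software pattern matcher: every lookup costs exactly two probes, and patterns are added or removed at run time without rebuilding the table. The class name `CuckooMatcher`, the BLAKE2b-based hash functions, the fixed pattern length and the sample strings are all assumptions made for this example.

```python
import hashlib

class CuckooMatcher:
    """Two-table cuckoo hash set of fixed-length byte patterns (assumed design)."""
    def __init__(self, pattern_len, slots=64, max_kicks=32):
        self.n, self.slots, self.max_kicks = pattern_len, slots, max_kicks
        self.tables = [[None] * slots, [None] * slots]

    def _h(self, which, key):
        # Constructed hash family: BLAKE2b with a different salt per table.
        d = hashlib.blake2b(key, digest_size=4, salt=bytes([which])).digest()
        return int.from_bytes(d, "big") % self.slots

    def contains(self, key):
        # Two probes regardless of how many patterns are stored; in hardware
        # the two memory reads are independent and can be issued in parallel.
        return any(self.tables[t][self._h(t, key)] == key for t in (0, 1))

    def insert(self, key):
        """Add a pattern at run time. Returns None, or the pattern left homeless."""
        if len(key) != self.n:
            raise ValueError("pattern length mismatch")
        if self.contains(key):
            return None
        t = 0
        for _ in range(self.max_kicks):
            i = self._h(t, key)
            key, self.tables[t][i] = self.tables[t][i], key  # place, evict occupant
            if key is None:
                return None
            t ^= 1  # the evicted pattern moves to its slot in the other table
        return key  # eviction chain too long: caller must rehash and re-add this

    def remove(self, key):
        for t in (0, 1):
            i = self._h(t, key)
            if self.tables[t][i] == key:
                self.tables[t][i] = None
                return True
        return False

    def scan(self, payload):
        """Offsets at which a stored pattern starts (one window per byte offset)."""
        return [o for o in range(len(payload) - self.n + 1)
                if self.contains(payload[o:o + self.n])]

if __name__ == "__main__":
    m = CuckooMatcher(pattern_len=8)
    m.insert(b"BADTOKEN")                          # constructed sample pattern
    print(m.scan(b"GET /x?q=BADTOKEN HTTP/1.1"))   # constructed sample payload
```

Because the stored pattern is compared in full on each probe, a hit is an exact match; a non-`None` return from `insert` signals that the tables need new hash functions.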
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tran, T.N., Kittitornkun, S. (2007). FPGA-Based Cuckoo Hashing for Pattern Matching in NIDS/NIPS. In: Ata, S., Hong, C.S. (eds) Managing Next Generation Networks and Services. APNOMS 2007. Lecture Notes in Computer Science, vol 4773. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75476-3_34
DOI: https://doi.org/10.1007/978-3-540-75476-3_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75475-6
Online ISBN: 978-3-540-75476-3
eBook Packages: Computer Science (R0)