Advertisement

Over 10Gbps String Matching Mechanism for Multi-stream Packet Scanning Systems

  • Yutaka Sugawara
  • Mary Inaba
  • Kei Hiraki
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3203)

Abstract

In this paper, we propose a string matching method for high-speed multi-stream packet scanning on FPGA. Our algorithm is capable of lightweight switching between streams, and enables easy implementation of multi-stream scanners. Furthermore, our method also enables high throughput. Using Xilinx XC2V6000-6 FPGA, we achieved 32Gbps for a 1000 characters rule set, and 14Gbps for a 2000 characters one. Rules can be updated by reconfiguration, and we implemented a converter that from given rules automatically generates the matching unit.

Keywords

Lookup Table Bloom Filter String Match Clock Speed Table Size 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Coit, C.J., Staniford, S., McAlerney, J.: Towards Faster String Matching for Intrusion Detection or Exceeding the Speed of Snort. In: DISCEXII, DARPA Information Survivability conference and Exposition (2001)Google Scholar
  2. 2.
    Cho, Y.H., Navab, S., Mangione-Smith, W.H.: Specialized Hardware for Deep Network Packet Filtering. In: Glesner, M., Zipf, P., Renovell, M. (eds.) FPL 2002. LNCS, vol. 2438, p. 452. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Sourdis, I., Pnevmatikatos, D.: Fast, Large-Scale String Match for a 10Gbps FPGAbased Network Intrusion Detection System. In: Y. K. Cheung, P., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Gokhale, M., Dubois, D., Dubois, A., Boorman, M., Poole, S., Hogsett, V.: Granidt: Towards Gigabit Rate Network Intrusion Detection Technology. In: Glesner, M., Zipf, P., Renovell, M. (eds.) FPL 2002. LNCS, vol. 2438, p. 404. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Sidhu, R., Prasanna, V.K.: Fast regular expression matching using fpgas. In: Proc. of 9th IEEE Symp. on Field-Programmable Custom Computing Machines, FCCM 2001 (2001)Google Scholar
  6. 6.
    Hutchings, B.L., Franklin, R., Carver, D.: Assisting network intrusion detection with reconfigurable hardware. In: Proc. of 10 th Annual IEEE Symp. on Field- Programmable Custom Computing Machines (FCCM 2002), pp. 111–120 (2002)Google Scholar
  7. 7.
    Clark, C., Schimmel, D.: Scalable pattern matching for high speed networks. In: Proc. of 12th IEEE Symp. on Field-Programmable Custom Computing Machines, FCCM 2004 (2004)Google Scholar
  8. 8.
    Moscola, J., Lockwood, J., Loui, R.P., Pachos, M.: Implementation of a contentscanning module for an internet firewall. In: Proc. of 11th Annual IEEE Symp. on Field-Programmable Custom Computing Machines (FCCM 2003), pp. 31–38 (2003)Google Scholar
  9. 9.
    Dharmapurikar, S., Krishnamurthy, P., Sproull, T., Lockwood, J.: Deep packet inspection using parallel bloom filters. In: Proc. of 11th IEEE Symp. on High Performance Interconnects (HotI 2003), pp. 44–51 (2003)Google Scholar
  10. 10.
    Baker, Z.K., Prasanna, V.K.: Time and Area Efficient Pattern Matching on FPGAs. In: Proc. of the 2004 ACM/SIGDA 12th Intl. Symp. on Field programmable gate arrays(FPGA 2004), pp. 223–232 (2004)Google Scholar
  11. 11.
    Aho, V., Corasick, M.J.: Efficient String Matching: An Aid to Bibliographic Search. Communications of the ACM 18, 333–340 (1975)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Handley, M., Paxson, V.: Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. In: Proc. of 10th USENIX Security Symposium (2001)Google Scholar
  13. 13.
    Roesch, M.: Snort - Lightweight Intrusion Detection for Networks. In: Proc. of Lisa 1999: 13th Administration Conference (1999)Google Scholar
  14. 14.
    Sugawara, Y.: Correctness Proof of the SBT method. Technical report, Dept. of Computer, Science, Univ. of Tokyo (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Yutaka Sugawara
    • 1
  • Mary Inaba
    • 1
  • Kei Hiraki
    • 1
  1. 1.Department of Computer Science, Graduate School of Information Science and TechnologyUniversity of TokyoTokyoJapan

Personalised recommendations