Super fast hardware string matching+

Chia Tien Dan Lo, Yi Gang Tai, Kleanthis Psarris, Wen Jyi Hwang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

With the appearance of multi-gigabit network infrastructure, a typical network intrusion detection system (NIDS) has to cope with the network speed. By examining each packet flowing through a network segment, suspicious packets are detected and reported to assure security. Up to 57% of the execution time in a NIDS is found to be spent comparing strings against predefined/known patterns. It is hard to implement a multi-gigabit performance NIDS without hardware support. This paper proposes a very high speed string matching algorithm which can be easily implemented in FPGAs. The parallel matching design takes a segment of text from the payload of a packet and detects all possible tokens, including those crossing text segment boundaries. Simulation results show a throughput of 23.43 Gbps with a moderate operating frequency of 366.2 MHz.

Original language: English
Title of host publication: Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006
Pages: 385-388
Number of pages: 4
DOIs: https://doi.org/10.1109/FPT.2006.270354
Publication status: Published - 2006 Dec 1
Event: 2006 IEEE International Conference on Field Programmable Technology, FPT 2006 - Bangkok, Thailand
Duration: 2006 Dec 13 to 2006 Dec 15

Publication series

Name: Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006

Other

Other: 2006 IEEE International Conference on Field Programmable Technology, FPT 2006
Country: Thailand
City: Bangkok
Period: 06/12/13 to 06/12/15

Fingerprint

Intrusion detection
Hardware
String searching algorithms
Network performance
Field programmable gate arrays (FPGA)
Throughput

Keywords

  • FPGAs
  • Intrusion detection
  • Network intrusion detection system
  • Security
  • String match algorithm

ASJC Scopus subject areas

  • Software

Cite this

Lo, C. T. D., Tai, Y. G., Psarris, K., & Hwang, W. J. (2006). Super fast hardware string matching+. In Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006 (pp. 385-388). [4042476] (Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006). https://doi.org/10.1109/FPT.2006.270354

Super fast hardware string matching+. / Lo, Chia Tien Dan; Tai, Yi Gang; Psarris, Kleanthis; Hwang, Wen Jyi.

Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006. 2006. p. 385-388 4042476 (Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006).

Lo, CTD, Tai, YG, Psarris, K & Hwang, WJ 2006, Super fast hardware string matching+. in Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006., 4042476, Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006, pp. 385-388, 2006 IEEE International Conference on Field Programmable Technology, FPT 2006, Bangkok, Thailand, 06/12/13. https://doi.org/10.1109/FPT.2006.270354
Lo CTD, Tai YG, Psarris K, Hwang WJ. Super fast hardware string matching+. In Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006. 2006. p. 385-388. 4042476. (Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006). https://doi.org/10.1109/FPT.2006.270354
Lo, Chia Tien Dan ; Tai, Yi Gang ; Psarris, Kleanthis ; Hwang, Wen Jyi. / Super fast hardware string matching+. Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006. 2006. pp. 385-388 (Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006).
@inproceedings{0b21350f4c174e9199a4d8acab89028a,
title = "Super fast hardware string matching+",
abstract = "With the appearance of multi-gigabit network infrastructure, a typical network intrusion detection system (NIDS) has to cope with the network speed. By examining each packet flowing through a network segment, suspicious packets are detected and reported to assure security. Up to 57 {\%} of the execution time in a NIDS is found to compare string against a predefined/known pattern. It is hard to implement a multigigabit performance NIDS without hardware support. This paper proposes a very high speed string matching algorithm which can be easily implemented into FPGAs. The parallel matching design takes a segment of text from the payload of a packet and detects all possible tokens including those crossing text segment boundaries. Simulation results show a throughput of 23.43 Gbps with a moderate operating frequency of 366.2 MHz.",
keywords = "FPGAs, Intrusion detection, Network intrusion detection system, Security, String match algorithm",
author = "Lo, {Chia Tien Dan} and Tai, {Yi Gang} and Kleanthis Psarris and Hwang, {Wen Jyi}",
year = "2006",
month = "12",
day = "1",
doi = "10.1109/FPT.2006.270354",
language = "English",
isbn = "0780397282",
series = "Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006",
pages = "385--388",
booktitle = "Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006",

}

TY - GEN
T1 - Super fast hardware string matching+
AU - Lo, Chia Tien Dan
AU - Tai, Yi Gang
AU - Psarris, Kleanthis
AU - Hwang, Wen Jyi
PY - 2006/12/1
Y1 - 2006/12/1
N2 - With the appearance of multi-gigabit network infrastructure, a typical network intrusion detection system (NIDS) has to cope with the network speed. By examining each packet flowing through a network segment, suspicious packets are detected and reported to assure security. Up to 57 % of the execution time in a NIDS is found to compare string against a predefined/known pattern. It is hard to implement a multigigabit performance NIDS without hardware support. This paper proposes a very high speed string matching algorithm which can be easily implemented into FPGAs. The parallel matching design takes a segment of text from the payload of a packet and detects all possible tokens including those crossing text segment boundaries. Simulation results show a throughput of 23.43 Gbps with a moderate operating frequency of 366.2 MHz.
AB - With the appearance of multi-gigabit network infrastructure, a typical network intrusion detection system (NIDS) has to cope with the network speed. By examining each packet flowing through a network segment, suspicious packets are detected and reported to assure security. Up to 57 % of the execution time in a NIDS is found to compare string against a predefined/known pattern. It is hard to implement a multigigabit performance NIDS without hardware support. This paper proposes a very high speed string matching algorithm which can be easily implemented into FPGAs. The parallel matching design takes a segment of text from the payload of a packet and detects all possible tokens including those crossing text segment boundaries. Simulation results show a throughput of 23.43 Gbps with a moderate operating frequency of 366.2 MHz.
KW - FPGAs
KW - Intrusion detection
KW - Network intrusion detection system
KW - Security
KW - String match algorithm
UR - http://www.scopus.com/inward/record.url?scp=43749105567&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=43749105567&partnerID=8YFLogxK
U2 - 10.1109/FPT.2006.270354
DO - 10.1109/FPT.2006.270354
M3 - Conference contribution
AN - SCOPUS:43749105567
SN - 0780397282
SN - 9780780397286
T3 - Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006
SP - 385
EP - 388
BT - Proceedings - 2006 IEEE International Conference on Field Programmable Technology, FPT 2006
ER -