TY - JOUR
T1 - Efficient pattern matching algorithm for memory architecture
AU - Lin, Cheng Hung
AU - Chang, Shih Chieh
N1 - Funding Information:
Manuscript received August 12, 2008; revised February 25, 2009. First published September 29, 2009; current version published December 27, 2010. This work was supported in part by the R.O.C. National Science Council under Grant NSC 97-2220-E-007-041 and 97-2218-E-003-002.
PY - 2011/1
Y1 - 2011/1
N2 - Network intrusion detection system is used to inspect packet contents against thousands of predefined malicious or suspicious patterns. Because traditional software alone pattern matching approaches can no longer meet the high throughput of today's networking, many hardware approaches are proposed to accelerate pattern matching. Among hardware approaches, memory-based architecture has attracted a lot of attention because of its easy reconfigurability and scalability. In order to accommodate the increasing number of attack patterns and meet the throughput requirement of networks, a successful network intrusion detection system must have a memory-efficient pattern-matching algorithm and hardware design. In this paper, we propose a memory-efficient pattern-matching algorithm which can significantly reduce the memory requirement. For Snort rule sets, the new algorithm achieves 21% of memory reduction compared with the traditional AhoCorasick algorithm. In addition, we can gain 24% of memory reduction by integrating our approach to the bit-split algorithm which is the state-of-the-art memory-based approach.
AB - Network intrusion detection system is used to inspect packet contents against thousands of predefined malicious or suspicious patterns. Because traditional software alone pattern matching approaches can no longer meet the high throughput of today's networking, many hardware approaches are proposed to accelerate pattern matching. Among hardware approaches, memory-based architecture has attracted a lot of attention because of its easy reconfigurability and scalability. In order to accommodate the increasing number of attack patterns and meet the throughput requirement of networks, a successful network intrusion detection system must have a memory-efficient pattern-matching algorithm and hardware design. In this paper, we propose a memory-efficient pattern-matching algorithm which can significantly reduce the memory requirement. For Snort rule sets, the new algorithm achieves 21% of memory reduction compared with the traditional AhoCorasick algorithm. In addition, we can gain 24% of memory reduction by integrating our approach to the bit-split algorithm which is the state-of-the-art memory-based approach.
KW - AhoCorasick (AC) algorithm
KW - finite automata
KW - pattern matching
UR - http://www.scopus.com/inward/record.url?scp=78650922894&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78650922894&partnerID=8YFLogxK
U2 - 10.1109/TVLSI.2009.2028346
DO - 10.1109/TVLSI.2009.2028346
M3 - Article
AN - SCOPUS:78650922894
SN - 1063-8210
VL - 19
SP - 33
EP - 41
JO - IEEE Transactions on Very Large Scale Integration (VLSI) Systems
JF - IEEE Transactions on Very Large Scale Integration (VLSI) Systems
IS - 1
M1 - 5272427
ER -