Bloom Filter Accelerator for String Matching

In this paper, we present a hardware architecture for string matching. Our solution, which combines a Bloom filter based pre-processor with a parallelized hashing engine, is capable of handling wire-line speeds with zero false-positive probability. String matching modules are used extensively in the network security domain, especially in network intrusion detection systems, where they are required to operate at wire-line speeds. Our analysis shows that our system is capable of matching 16000 strings and achieves throughput in excess of 100 Gbps (i.e., capable of handling 10 OC-192 links comfortably).
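
A software sketch of the two-stage idea in the abstract, added here as an illustration and not the paper's hardware design: a Bloom filter screens each payload window, and only windows it passes are checked against an exact hash set, so Bloom false positives never reach the output. The class names, the one-filter-per-signature-length layout, the BLAKE2b double hashing, and the sample signatures and payload are all assumptions constructed for this example.

```python
import hashlib

class BloomPrefilter:
    """Stage 1: probabilistic membership test (may pass non-members, never drops members)."""
    def __init__(self, m_bits=1 << 16, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        # Double hashing (assumed scheme): k bit positions from one BLAKE2b digest.
        d = hashlib.blake2b(item, digest_size=16).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_contain(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

class TwoStageMatcher:
    """Bloom prefilter per signature length, followed by an exact hash-set check."""
    def __init__(self, signatures, m_bits=1 << 16, k=4):
        self.exact, self.filters = {}, {}
        for s in signatures:
            self.exact.setdefault(len(s), set()).add(s)
            self.filters.setdefault(len(s), BloomPrefilter(m_bits, k)).add(s)

    def scan(self, payload):
        """Return (sorted confirmed hits, number of exact lookups stage 1 let through)."""
        hits, lookups = [], 0
        for n, bf in self.filters.items():
            for off in range(len(payload) - n + 1):
                window = payload[off:off + n]
                if bf.might_contain(window):      # stage 1: cheap screen
                    lookups += 1
                    if window in self.exact[n]:   # stage 2: exact verification
                        hits.append((off, window))
        return sorted(hits), lookups

# Constructed sample data, not taken from the paper or any rule set.
SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"SELECT"]
PAYLOAD = b"GET /view?f=../../etc/passwd&q=SELECT HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for bits in (1 << 16, 64):  # a roomy filter and a deliberately overloaded one
        print(bits, TwoStageMatcher(SIGNATURES, m_bits=bits, k=2).scan(PAYLOAD))
```

Shrinking the filter only raises the number of exact lookups; the confirmed hits stay the same because stage 2 rejects every window that is not a stored signature.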
