Alphabet based selected character decoding for area efficient pattern matching architecture on FPGAs

In this paper, we present the idea of alphabet-based selected character decoding (SCD) for network applications, in particular network intrusion detection systems (NIDS). SCD extends decoder-based approaches in order to achieve the least number of comparison units. The definitions of alphabets guide the selection of characters for decoding, especially the alphabets of vertical left alignment (Avla). This paper also introduces a pattern matching architecture with alphabet-based SCD. This architecture takes full advantage of the idea of pre-decoding and achieves the same high frequency as the decoder-based one while saving more than half of the resources. The third contribution of this paper is the idea and an initial model for resource estimation based only on the given pattern sets. For 1197 real patterns in Snort v2.3.3, experimental results show that the resources used by alphabet-based SCD are just 35.1% of those used by a traditional 8-256 decoder. Targeting a Xilinx Virtex2Pro20 (speed grade 7), the pattern matching architecture can achieve 271 MHz with 4.3 Gbps throughput and scales linearly.
