Deterministic high-speed root-hashing automaton matching coprocessor for embedded network processor

String matching plays an important role in deep packet inspection applications, but software string-matching algorithms cannot meet the demands of high-speed operation. We therefore propose a fast, deterministic-performance root-hashing automaton matching (RHAM) coprocessor for embedded network processors. Although automaton algorithms are robust, with deterministic matching time, there is still plenty of room to improve their average-case performance. The proposed RHAM employs a novel root-hashing technique to accelerate automaton matching. In our experiment, RHAM is implemented on a prevalent automaton algorithm, Aho-Corasick (AC), which is used in many packet inspection applications. Compared to the original AC, RHAM requires only an extra vector of 48 Kbytes for root-hashing, and outperforms it by about 900% and 420% for 20,000 URLs and 10,000 virus patterns respectively. An FPGA implementation of RHAM can operate at a rate of 12.6 Gbps with a pattern set of 34,215 bytes. This is superior to all previous matching hardware in terms of throughput and pattern set.
