A parallel automaton string matching with pre-hashing and root-indexing techniques for content filtering coprocessor

We propose a new parallel automaton string matching approach and its hardware architecture for content filtering coprocessor. This new approach can improve the average matching time of the parallel automaton with pre-hashing and root-indexing techniques. The pre-hashing technique uses a hashing function to verify quickly the text against the partial patterns in the automaton, and the root-indexing technique matches multiple bytes for the root state in one single matching. A popular automaton algorithm, Aho-Corasick (AC) is chosen to be implemented by adding the two techniques; we employ these two techniques in a memory efficient version of AC namely bitmap AC. For the average-case time, our approach improves bitmap AC by 494% and 224% speedup for URL and virus patterns, respectively. Since pre-hashing and root-indexing techniques can be concurrently executed with bitmap AC in the hardware, our proposed approach has the same worst-case time as bitmap AC.

[1]  George Varghese,et al.  Deterministic memory-efficient string matching algorithms for intrusion detection , 2004, IEEE INFOCOM 2004.

[2]  John W. Lockwood,et al.  FPsed: a streaming content search-and-replace module for an Internet firewall , 2003, 11th Symposium on High Performance Interconnects, 2003. Proceedings..

[3]  Gonzalo Navarro,et al.  A guided tour to approximate string matching , 2001, CSUR.

[4]  Raghu Sastry,et al.  CASM: A VLSI Chip for Approximate String Matching , 1995, IEEE Trans. Pattern Anal. Mach. Intell..

[5]  Stuart Staniford,et al.  Towards Faster String Matching for Intrusion Detection , 2001 .

[6]  C.J. Coit,et al.  Towards faster string matching for intrusion detection or exceeding the speed of Snort , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[7]  Robert S. Boyer,et al.  A fast string searching algorithm , 1977, CACM.

[8]  Sarang Dharmapurikar,et al.  Implementation results of bloom filters for string matching , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[9]  Udi Manber,et al.  Fast text searching: allowing errors , 1992, CACM.

[10]  N. S. Desai Increasing Performance in High Speed NIDS , 2002 .

[11]  Alfred V. Aho,et al.  Efficient string matching , 1975, Commun. ACM.

[12]  Brad L. Hutchings,et al.  Assisting network intrusion detection with reconfigurable hardware , 2002, Proceedings. 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[13]  T. G. Noll,et al.  A programmable processor for approximate string matching with high throughput rate , 2000, Proceedings IEEE International Conference on Application-Specific Systems, Architectures, and Processors.

[14]  K. M. George,et al.  Parallel string matching algorithms based on dataflow , 1999, Proceedings of the 32nd Annual Hawaii International Conference on Systems Sciences. 1999. HICSS-32. Abstracts and CD-ROM of Full Papers.

[15]  Keiji Kojima,et al.  String matching on IDP: a string matching algorithm for vector processors and its implementation , 1993, Proceedings of 1993 IEEE International Conference on Computer Design ICCD'93.

[16]  John W. Lockwood,et al.  Deep packet inspection using parallel bloom filters , 2004, IEEE Micro.