Context-Free-Grammar based Token Tagger in Reconfigurable Devices

In this paper, we present reconfigurable hardware architecture for detecting semantics of streaming data on 1+ Gbps networks. The design leverages on the characteristics of context-free-grammar (CFG) that allows the computers to understand the semantics of data. Although our parser is not a true CFG parser, we use the linguistic structure defined in the grammars to explore a new way of parsing data using Field Programmable Gate Array (FPGA) hardware. Our system consists of pattern matchers and a syntax detector. The pattern matchers are automatically generated using the grammar token list while the syntax detector is generated based on the aspects of the grammar that define the order of all possible token sequences. Since all the rules are mapped onto the hardware as parallel processing engines, the meaning of each token can be determined by monitoring where it is being processed. Our highly parallel and fine grain pipelined engines can operate at a frequency above 500 MHz. Our initial implementation is XML content-based router for XML remote procedure calls (RPC). The implementation can process the data at 1.57 Gbps on Xilinx VirtexE FPGA and 4.26 Gbps on the Virtex 4 FPGA.

[1]  Nick McKeown,et al.  Algorithms for packet classification , 2001, IEEE Netw..

[2]  B. Karp,et al.  Autograph: Toward Automated, Distributed Worm Signature Detection , 2004, USENIX Security Symposium.

[3]  John McHugh,et al.  Defending Yourself: The Role of Intrusion Detection Systems , 2000, IEEE Software.

[4]  William H. Mangione-Smith,et al.  Specialized Hardware for Deep Network Packet Filtering , 2002, FPL.

[5]  William H. Mangione-Smith,et al.  Deep packet filter with dedicated logic and read only memories , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[6]  Jonathan S. Turner,et al.  Packet classification using extended TCAMs , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[7]  Anand Rangarajan,et al.  Algorithms for advanced packet classification with ternary CAMs , 2005, SIGCOMM '05.

[8]  Jon Crowcroft,et al.  Honeycomb , 2004, Comput. Commun. Rev..

[9]  Haoyu Song,et al.  Efficient packet classification for network intrusion detection using FPGA , 2005, FPGA '05.

[10]  John W. Lockwood,et al.  Layered protocol wrappers for Internet packet processing in reconfigurable hardware , 2001, HOT 9 Interconnects. Symposium on High Performance Interconnects.

[11]  William H. Mangione-Smith,et al.  A pattern matching co-processor for network security , 2005, DAC 2005.

[12]  John W. Lockwood,et al.  Protocol Wrappers for Layered Network Packet Processing in Reconfigurable Hardware , 2002, IEEE Micro.

[13]  Viktor K. Prasanna,et al.  A methodology for synthesis of efficient intrusion detection systems on FPGAs , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[14]  Eytan Ruppin,et al.  Unsupervised learning of natural languages , 2006 .

[15]  Jean Bacon,et al.  Content-based routing with on-demand multicast , 2004, 24th International Conference on Distributed Computing Systems Workshops, 2004. Proceedings..

[16]  John W. Lockwood,et al.  Deep packet inspection using parallel Bloom filters , 2003, 11th Symposium on High Performance Interconnects, 2003. Proceedings..

[17]  Stuart M. Shieber,et al.  Evidence against the context-freeness of natural language , 1985 .

[18]  Dionisios N. Pnevmatikatos,et al.  Pre-decoded CAMs for efficient and high-speed NIDS pattern matching , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[19]  Christopher Culy,et al.  The complexity of the vocabulary of Bambara , 1985 .

[20]  John W. Lockwood,et al.  Architecture for a hardware-based, TCP/IP content-processing system , 2004, IEEE Micro.

[21]  John W. Lockwood,et al.  Reprogrammable network packet processing on the field programmable port extender (FPX) , 2001, FPGA '01.

[22]  George Varghese,et al.  Automated Worm Fingerprinting , 2004, OSDI.

[23]  John W. Lockwood,et al.  TCP-Splitter: A TCP/IP flow monitor in reconfigurable hardware , 2002, Proceedings 10th Symposium on High Performance Interconnects.

[24]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[25]  Sundar Iyer,et al.  ClassiPl: an architecture for fast and flexible packet classification , 2001, IEEE Netw..

[26]  William H. Mangione-Smith,et al.  Fast reconfiguring deep packet filter for 1+ gigabit network , 2005, 13th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'05).