Pipelined Parallel AC-Based Approach for Multi-String Matching

New applications such as real-time packet processing require high-speed string matcher, and the number of strings in pattern store is increasing to tens of thousands, which requires a memory efficient solution. In this paper, a pipelined parallel approach for hardware implementation of Aho-Corasick (AC) algorithm for multiple strings matching called P2-AC is presented. P2-AC organizes the transition rules in multiple stages and processes in pipeline manner, which significantly simplifies the DFA state transition graph into a character tree that only contains forwarding edges. In each stage, parallel SRAMs are used to store and access transition rules of DFA in memory. Transition rules can be efficiently stored and accessed in one cycle. The memory cost is less than 47% of the best known AC-based methods. P2-AC supports incremental update and scales well with the increasing number of strings. By employing two-port SRAMs, the throughput of P2-AC is doubled with little control overhead.

[1]  Wei Zhang,et al.  A Memory Efficient Multiple Pattern Matching Architecture for Network Security , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[2]  Timothy Sherwood,et al.  A high throughput string matching architecture for intrusion detection and prevention , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[3]  Viktor K. Prasanna,et al.  Time and area efficient pattern matching on FPGAs , 2004, FPGA '04.

[4]  Alfred V. Aho,et al.  Efficient string matching , 1975, Commun. ACM.

[5]  Wei Lin,et al.  Pipelined Architecture for Multi-String Matching , 2008, IEEE Computer Architecture Letters.

[6]  Jan van Lunteren,et al.  High-Performance Pattern-Matching for Intrusion Detection , 2006, INFOCOM.

[7]  Dionisios N. Pnevmatikatos,et al.  A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems , 2007, 2007 International Conference on Embedded Computer Systems: Architectures, Modeling and Simulation.

[8]  John A. Chandy,et al.  FPGA based network intrusion detection using content addressable memories , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[9]  Dionisios N. Pnevmatikatos,et al.  Hashing + memory = low cost, exact pattern matching , 2005, International Conference on Field Programmable Logic and Applications, 2005..

[10]  Dionisios N. Pnevmatikatos,et al.  Pre-decoded CAMs for efficient and high-speed NIDS pattern matching , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[11]  Christopher R. Clark,et al.  Scalable pattern matching for high speed networks , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[12]  Viktor K. Prasanna,et al.  A methodology for synthesis of efficient intrusion detection systems on FPGAs , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[13]  John W. Lockwood,et al.  Deep packet inspection using parallel bloom filters , 2004, IEEE Micro.

[14]  Vijay Kumar,et al.  High Speed Pattern Matching for Network IDS/IPS , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[15]  George Varghese,et al.  Deterministic memory-efficient string matching algorithms for intrusion detection , 2004, IEEE INFOCOM 2004.

[16]  Haoyu Song,et al.  Snort offloader: a reconfigurable hardware NIDS filter , 2005, International Conference on Field Programmable Logic and Applications, 2005..

[17]  Stamatis Vassiliadis,et al.  Scalable Multigigabit Pattern Matching for Packet Inspection , 2008, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[18]  William H. Mangione-Smith,et al.  A pattern matching co-processor for network security , 2005, DAC 2005.