Super fast hardware string matching

With the appearance of multi-gigabit network infrastructure, a typical network intrusion detection system (NIDS) has to keep up with the network speed. A NIDS examines each packet flowing through a network segment and detects and reports suspicious packets to assure security. Up to 57% of the execution time in a NIDS is found to be spent comparing strings against predefined (known) patterns, so it is hard to implement a NIDS with multi-gigabit performance without hardware support. This paper proposes a very high speed string matching algorithm that can be easily implemented in FPGAs. The parallel matching design takes a segment of text from the payload of a packet and detects all possible tokens, including those crossing text segment boundaries. Simulation results show a throughput of 23.43 Gbps at a moderate operating frequency of 366.2 MHz.
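The boundary-crossing requirement described above can be seen in a small software model. This is an added example, not the paper's algorithm or code: it uses the well-known Shift-And (bitap) technique as a stand-in, and the 8-byte segment width, the payload and the patterns are constructed assumptions.

```python
# Added illustration: software model of segment-wise multi-pattern matching.
# Shift-And (bitap) is a stand-in technique, not the paper's FPGA design.

SEGMENT_BYTES = 8  # assumed segment width; the page does not state one

# Constructed sample input: two of the three tokens straddle a segment boundary.
SAMPLE_PAYLOAD = b"GET /cmd.exe?x=/bin/sh"
SAMPLE_PATTERNS = [b"GET", b"cmd.exe", b"/bin/sh"]


def build_masks(patterns):
    """Pack all patterns into one bit vector; return byte masks and bookkeeping."""
    masks, starts, ends, offset = {}, 0, {}, 0
    for pat in patterns:
        starts |= 1 << offset                  # bit for the pattern's first byte
        for i, byte in enumerate(pat):
            masks[byte] = masks.get(byte, 0) | (1 << (offset + i))
        ends[offset + len(pat) - 1] = pat      # bit for the pattern's last byte
        offset += len(pat)
    return masks, starts, ends


def scan_segments(payload, patterns, carry=True):
    """Return sorted (end_offset, pattern) hits, consuming one segment at a time.

    carry=False resets the match state at every segment boundary: the naive
    per-segment scan that loses tokens straddling two segments.
    """
    masks, starts, ends = build_masks(patterns)
    state, hits = 0, []
    for base in range(0, len(payload), SEGMENT_BYTES):
        if not carry:
            state = 0
        segment = payload[base:base + SEGMENT_BYTES]
        for pos, byte in enumerate(segment, start=base):
            # Advance every partial match by one byte and open new ones.
            state = ((state << 1) | starts) & masks.get(byte, 0)
            hits += [(pos, pat) for bit, pat in ends.items() if state >> bit & 1]
    return sorted(hits)


if __name__ == "__main__":
    print("state carried :", scan_segments(SAMPLE_PAYLOAD, SAMPLE_PATTERNS))
    print("state reset   :", scan_segments(SAMPLE_PAYLOAD, SAMPLE_PATTERNS, carry=False))
```

With the state reset at each boundary, only the token that lies wholly inside one segment is reported; a signature split across two segments goes undetected, which is the gap a segment-parallel matcher has to close.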
