PERG-Rx: a hardware pattern-matching engine supporting limited regular expressions

PERG is a pattern matching engine designed for locating pre-defined byte string patterns (rules) from the ClamAV virus signature database in a data stream. This paper presents PERG-Rx, an extension of PERG that adds limited regular expression support for wildcard patterns used by rules that represent polymorphic viruses. To reduce the amount of state needed to track so many regular expressions, PERG-Rx employs a lossy scheme which increases the rate of false positives detected as the required state grows. The scalability and dynamic updatability of the PERG-Rx architecture to database updates are also evaluated.

[1]  Guy Lemieux,et al.  PERG: A scalable FPGA-based pattern-matching engine with consolidated Bloomier filters , 2008, 2008 International Conference on Field-Programmable Technology.

[2]  Surin Kittitornkun,et al.  Applying Cuckoo Hashing for FPGA-based Pattern Matching in NIDS/NIPS , 2007, 2007 International Conference on Field-Programmable Technology.

[3]  Stamatis Vassiliadis,et al.  A reconfigurable perfect-hashing scheme for packet inspection , 2005, International Conference on Field Programmable Logic and Applications, 2005..

[4]  William H. Mangione-Smith,et al.  Fast reconfiguring deep packet filter for 1+ gigabit network , 2005, 13th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'05).

[5]  Viktor K. Prasanna,et al.  Fast Regular Expression Matching Using FPGAs , 2001, The 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'01).

[6]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[7]  Bernard Chazelle,et al.  The Bloomier filter: an efficient data structure for static support lookup tables , 2004, SODA '04.

[8]  Xin Zhou,et al.  MRSI: A Fast Pattern Matching Algorithm for Anti-virus Applications , 2008, Seventh International Conference on Networking (icn 2008).