Journal Article

Fast and Scalable Pattern Matching for Network Intrusion Detection Systems

TLDR
This work presents a hardware-implementable pattern matching algorithm for content filtering applications, which is scalable in terms of speed, the number of patterns and the pattern length, and is based on a memory-efficient multihashing data structure called a Bloom filter.
Abstract
High-speed packet content inspection and filtering devices rely on a fast multipattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multipattern matching is known to require intensive memory accesses and is often a performance bottleneck. Hence, specialized hardware-accelerated algorithms are required for line-speed packet processing. We present a hardware-implementable pattern matching algorithm for content filtering applications, which is scalable in terms of speed, the number of patterns and the pattern length. Our algorithm is based on a memory-efficient multihashing data structure called a Bloom filter. We use embedded on-chip memory blocks in field programmable gate array/very large scale integration chips to construct Bloom filters which can suppress a large fraction of memory accesses and speed up string matching. Based on this concept, we first present a simple algorithm which can scan for several thousand short (up to 16 bytes) patterns at multigigabit per second speeds with a moderately small amount of embedded memory and a few megabytes of external memory. Furthermore, we modify this algorithm to be able to handle arbitrarily large strings at the cost of a little more on-chip memory. We demonstrate the merit of our algorithm through theoretical analysis and simulations performed on Snort's string set.
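The following is an added software model, not code from the paper, of the idea the abstract describes: small Bloom filters (standing in for on-chip memory) screen every payload window, and the exact signature table (standing in for external memory) is consulted only on a Bloom hit. The one-filter-per-pattern-length layout, the BLAKE2b double-hashing scheme, the filter size and the sample signatures and payload are assumptions made for illustration.

```python
import hashlib

class Bloom:
    """m-bit Bloom filter with k hash functions (models one on-chip memory block)."""
    def __init__(self, m_bits=4096, k=4):
        self.m, self.k, self.bits = m_bits, k, bytearray(m_bits // 8)
    def _positions(self, item):
        # Double hashing: k bit indices from two halves of one digest (assumed scheme).
        d = hashlib.blake2b(item, digest_size=16).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]
    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)
    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

class Scanner:
    MAX_LEN = 16  # the abstract's bound for "short" patterns
    def __init__(self, patterns):
        self.table = set()         # exact signatures: models the external-memory table
        self.filters = {}          # pattern length -> Bloom filter (assumed layout)
        self.external_lookups = 0  # how often the "external memory" is touched
        for p in patterns:
            if not 1 <= len(p) <= self.MAX_LEN:
                raise ValueError("pattern length must be 1..16 bytes")
            self.table.add(p)
            self.filters.setdefault(len(p), Bloom()).add(p)
    def scan(self, payload):
        """Return sorted (offset, pattern) matches, counting external lookups."""
        hits = []
        for off in range(len(payload)):
            for n, bf in self.filters.items():
                window = payload[off:off + n]
                if len(window) < n or window not in bf:
                    continue  # definite miss: no external access needed
                self.external_lookups += 1  # a Bloom hit may be a false positive
                if window in self.table:    # exact check removes false positives
                    hits.append((off, window))
        return sorted(hits)

# Constructed sample signatures and payload (not taken from Snort's rule set).
SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"SELECT"]
PAYLOAD = b"GET /index.php?f=../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"

def demo():
    s = Scanner(SIGNATURES)
    matches = s.scan(PAYLOAD)
    return matches, s.external_lookups
```
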


Citations
Journal Article

Deflating the big bang: fast and scalable deep packet inspection with extended finite automata

TL;DR: Techniques are presented, inspired by principles used in compiler optimization, that systematically reduce runtime and per-flow state in deep packet inspection.
Proceedings Article

Accelerated deep neural networks for enhanced Intrusion Detection System

TL;DR: An accelerated DNN architecture is developed to identify the abnormalities in the network data and NSL-KDD dataset is used to compute the training time and to analyze the effectiveness of the detection mechanism.
Proceedings Article

Deep Packet Inspection as a Service

TL;DR: This paper proposes to treat DPI as a service to the middleboxes, implying that traffic should be scanned only once, but against the data of all middleboxes that use the service, having significant advantages in performance, scalability, robustness, and as a catalyst for innovation in the middlebox domain.
Journal Article

Survey Bloom filter applications in network security: A state-of-the-art survey

TL;DR: This paper provides an up-to-date survey of the application of BFs and their variants to improve performance of the approaches proposed to address security problems with different types of networks.
Proceedings Article

Variable-Stride Multi-Pattern Matching For Scalable Deep Packet Inspection

TL;DR: This paper proposes a pattern (string) matching algorithm that achieves high throughput while limiting both memory-usage and memory-bandwidth, and moves away from a byte-oriented processing of patterns to a block-oriented scheme.
References
Journal Article

Space/time trade-offs in hash coding with allowable errors

TL;DR: Analysis of the paradigm problem demonstrates that allowing a small number of test messages to be falsely identified as members of the given set will permit a much smaller hash area to be used without increasing reject time.
Journal Article

Efficient string matching: an aid to bibliographic search

TL;DR: A simple, efficient algorithm to locate all occurrences of any of a finite number of keywords in a string of text that has been used to improve the speed of a library bibliographic search program by a factor of 5 to 10.
Journal Article

Summary cache: a scalable wide-area web cache sharing protocol

TL;DR: This paper demonstrates the benefits of cache sharing, measures the overhead of the existing protocols, and proposes a new protocol called "summary cache", which reduces the number of intercache protocol messages, reduces the bandwidth consumption, and eliminates 30% to 95% of the protocol CPU overhead, all while maintaining almost the same cache hit ratios as ICP.
Journal Article

Deep packet inspection using parallel bloom filters

TL;DR: This work describes a hardware-based technique using Bloom filters, which can detect strings in streaming data without degrading network throughput and queries a database of strings to check for the membership of a particular string.
Proceedings Article

Deterministic memory-efficient string matching algorithms for intrusion detection

TL;DR: This work contributes modifications to the Aho-Corasick string-matching algorithm that drastically reduce the amount of memory required and improve its performance on hardware implementations, and shows that these modifications do not drastically affect software performance on commodity processors, and therefore may be worth considering in these cases.