1 / 22

Optimization of Regular Expression Pattern Matching Circuits on FPGA

Optimization of Regular Expression Pattern Matching Circuits on FPGA. Authors: Cheng-Hung Lin, Chih-Tsun Huang, Chang-Ping Jiang, and Shih-Chieh Chang Publisher: IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 15, NO. 12, DECEMBER 2007 Present : Chen-Rong Chang

gerrish
Download Presentation

Optimization of Regular Expression Pattern Matching Circuits on FPGA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Optimization of Regular Expression Pattern Matching Circuits on FPGA Authors:Cheng-Hung Lin, Chih-Tsun Huang, Chang-Ping Jiang, and Shih-Chieh Chang Publisher:IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 15, NO. 12, DECEMBER 2007 Present:Chen-Rong Chang Date:November, 12, 2008 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

  2. Outline • Introduction • Implementation of NFA • Regular expressions • Sharing prefix common sub-patterns • Sharing scheme for infix and suffix • Flow of RE module generation • The comparison

  3. Introduction • Regular expressions are widely used in the network intrusion detection system (NIDS) to represent attack patterns. • In contrast to software-only NIDS, many studies proposed hardware architectures for accelerating attack detection • Sidhu and Prasanna [1] proposed to construct an NFA (Nondeterministic Finite Automaton) from a regular expression to perform string matching. Hutchings, • Clark et al. [3] made excellent area and throughput by adding predecoded wide parallel inputs to traditional NFA implementations. 3

  4. Predecoder Scheme

  5. Simple NFA and implementation in logic

  6. Regular expressions for attacks’ description • Regular expressions are a common way to express attack patterns. • In Snort, two type of regular expression are used to describe attack pattern • 1. The first type defines exact string patterns such as pattern, "Ahhhh My Mouth Is Open.” • 2. The second type consists of meta-characters( *,|,$,... )

  7. Regular expressions for attacks’ description (cont.) • Given a regular expression • A partial expression ,is a prefix of P if k<m. • A partial expression ,is an infix of P if j>1 and k<m • And a partial expression is a suffix of P if j>1. Ex: expression => “networking.” • The partial expression “net” is a prefix, “work” is an infix, and “ing” is a suffix

  8. Sharing prefix common sub-patterns

  9. An erroneous implementation to share infixDir Input String => “PassSysDirUserGate” It may be mistaken as a match at the output of the upper blocks Called “False positive”

  10. Sharing common Suffix

  11. Sharing scheme for infix and suffix

  12. Two patterns share common infix RC Form: R1RcR1 R2RcR2

  13. Example of critical section problem Pattern1: abcdefgh Pattern2: dedefpq

  14. Cross-Subexpression • Definition: An expression ,is called the cross-subexpression of if is not a subexpression of and is a subexpression of • EX: R1=“abc” , R2=“def” cross-subexpression: “cde”,”cdef”,”bcd”,”bcde”,”bcdef”

  15. Necessary Condition • Theorem: If has the critical section problem, either is a cross-subexpression of , or I is a cross-subexpression of EX: R1= abc R2= cde RC= defgh • As long as R1 or R2 is a cross-subexpression, the critical section problem will happen.

  16. Sharing gain • The sharing gain of a common sub-pattern is defined to be the number of characters in the sub-pattern multipliesby the number of regular expressionshaving the sub-pattern. • For example, three regular expressions, “1Common1”, “2Common2”, and “3Common3” have the common sub-pattern “Common.” The sharing gain of the common sub-pattern is 6*3=18

  17. Flow of regular expression modulegeneration

  18. Logical structures for the proposedmeta-character components

  19. Logical structures for the proposedmeta-character components (cont.)

  20. Logical structures for the proposedmeta-character components (cont.)

  21. Implementation of NFA

  22. The comparison among different approaches on Snort rule sets

More Related