Modified Data Structure of Aho-Corasick Project ECE-526 Spring 2006 Benfano Soewito, Ed Flanigan and John Pangrazio Southern Illinois University Carbondale.

Slides:



Advertisements
Similar presentations
Multipattern String Matching On A GPU Author: Xinyan Zha, Sartaj Sahni Publisher: 16th IEEE Symposium on Computers and Communications Presenter: Ye-Zhi.
Advertisements

Fast and Scalable Pattern Matching for Content Filtering Sarang Dharmapurikar John Lockwood.
Introduction to Computer Science 2 Lecture 7: Extended binary trees
Network Algorithms, Lecture 4: Longest Matching Prefix Lookups George Varghese.
An On-Chip IP Address Lookup Algorithm Author: Xuehong Sun and Yiqiang Q. Zhao Publisher: IEEE TRANSACTIONS ON COMPUTERS, 2005 Presenter: Yu Hao, Tseng.
Massively Parallel Cuckoo Pattern Matching Applied For NIDS/NIPS  Author: Tran Ngoc Thinh, Surin Kittitornkun  Publisher: Electronic Design, Test and.
Efficient Memory Utilization on Network Processors for Deep Packet Inspection Piti Piyachon Yan Luo Electrical and Computer Engineering Department University.
A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems Authors: Seongwook Youn and Dennis McLeod Presenter:
1 An Evolution of Pattern Matching within Network Intrusion Detection Systems Erik Anderson 9 November 2006.
➢ Performing Technology Mapping and Optimization by DAG Covering: A Review of Traditional Approaches Evriklis Kounalakis.
Modified Data Structure of Aho-Corasick Project ECE-526 Spring 2006 Benfano Soewito, Ed Flanigan and John Pangrazio Southern Illinois University Carbondale.
Power Efficient IP Lookup with Supernode Caching Lu Peng, Wencheng Lu*, and Lide Duan Dept. of Electrical & Computer Engineering Louisiana State University.
Deterministic Memory- Efficient String Matching Algorithms for Intrusion Detection Nathan Tuck, Timothy Sherwood, Brad Calder, George Varghese Department.
Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:
Parallel-Search Trie-based Scheme for Fast IP Lookup
1 Efficient String Matching : An Aid to Bibliographic Search Alfred V. Aho and Margaret J. Corasick Bell Laboratories.
Aho-Corasick String Matching An Efficient String Matching.
1 Gigabit Rate Multiple- Pattern Matching with TCAM Fang Yu Randy H. Katz T. V. Lakshman
ECE 526 – Network Processing Systems Design Network Security: string matching algorithm Chapter 17: George Varghese.
1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:
A High Throughput String Matching Architecture for Intrusion Detection and Prevention Lin Tan U of Illinois, Urbana Champaign Tim Sherwood UC, Santa Barbara.
Deep Packet Inspection with Regular Expression Matching Min Chen, Danny Guo {michen, CSE Dept, UC Riverside 03/14/2007.
Gnort: High Performance Intrusion Detection Using Graphics Processors Giorgos Vasiliadis, Spiros Antonatos, Michalis Polychronakis, Evangelos Markatos,
1 ARCHITECTURES FOR BIT-SPLIT STRING SCANNING IN INTRUSION DETECTION Author: Lin Tan, Timothy Sherwood Publisher: IEEE MICRO, 2006 Presenter: Hsin-Mao.
A Fast Algorithm for Multi-Pattern Searching Sun Wu, Udi Manber May 1994.
1 Exact Set Matching Charles Yan Exact Set Matching Goal: To find all occurrences in text T of any pattern in a set of patterns P={p 1,p 2,…,p.
RAID2005 CardGuard: Towards software-based signature detection for intrusion prevention on the network card Herbert Bos and Kaiming Huang presented by.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
Mug01, 6-9 March 2001, Santa Fe, New Mexico, USA. SMILES Multigram Compression Roger Sayle 1 and Jack Delany 2 1 Metaphorics LLC, Santa Fe, New Mexico.
Presentation by : Samad Najjar Enhancing the performance of intrusion detection system using pre-process mechanisms Supervisor: Dr. L. Mohammad Khanli.
CSE7701: Research Seminar on Networking
Identifying Reversible Functions From an ROBDD Adam MacDonald.
A High Throughput String Matching Architecture for Intrusion Detection and Prevention Lin Tan, Timothy Sherwood Appeared in ISCA 2005 Presented by: Sailesh.
Accelerating Multipattern Matching on Compressed HTTP Traffic Published in : IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 20, NO. 3, JUNE 2012 Authors : Bremler-Barr,
An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture.
Space-Time Tradeoffs in Software-Based Deep Packet Inspection Anat Bremler-Barr Yotam Harchol ⋆ David Hay IDC Herzliya, Israel Hebrew University, Israel.
Space-Time Tradeoffs in Software-Based Deep Packet Inspection Anat Bremler-Barr Yotam Harchol ⋆ David Hay IDC Herzliya, Israel Hebrew University, Israel.
FPGA Based String Matching for Network Processing Applications Janardhan Singaraju, John A. Chandy Presented by: Justin Riseborough Albert Tirtariyadi.
Fast Packet Classification Using Bloom filters Authors: Sarang Dharmapurikar, Haoyu Song, Jonathan Turner, and John Lockwood Publisher: ANCS 2006 Present:
MASCOTS 2003 An Active Traffic Splitter Architecture for Intrusion Detection Ioannis Charitakis Institute of Computer Science Foundation of Research And.
1. Outline Introduction Related work on packet classification Grouper Performance Analysis Empirical Evaluation Conclusions 2/42.
Parallelization and Characterization of Pattern Matching using GPUs Author: Giorgos Vasiliadis 、 Michalis Polychronakis 、 Sotiris Ioannidis Publisher:
TRANSITION DIAGRAM BASED LEXICAL ANALYZER and FINITE AUTOMATA Class date : 12 August, 2013 Prepared by : Karimgailiu R Panmei Roll no. : 11CS10020 GROUP.
Memory Compression Algorithms for Networking Features Sailesh Kumar.
Sets of Digital Data CSCI 2720 Fall 2005 Kraemer.
TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK Phase-I Review Supervised By, Presented By, MRS. SHARMILA,M.E., M.ARULMOZHI, AP/CSE.
Memory-Efficient IPv4/v6 Lookup on FPGAs Using Distance-Bounded Path Compression Author: Hoang Le, Weirong Jiang and Viktor K. Prasanna Publisher: IEEE.
Author : Sarang Dharmapurikar, John Lockwood Publisher : IEEE Journal on Selected Areas in Communications, 2006 Presenter : Jo-Ning Yu Date : 2010/12/29.
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching Yao Song 11/05/2015.
Updating Designed for Fast IP Lookup Author : Natasa Maksic, Zoran Chicha and Aleksandra Smiljani´c Conference: IEEE High Performance Switching and Routing.
TFA: A Tunable Finite Automaton for Regular Expression Matching Author: Yang Xu, Junchen Jiang, Rihua Wei, Yang Song and H. Jonathan Chao Publisher: ACM/IEEE.
Onlinedeeneislam.blogspot.com1 Design and Analysis of Algorithms Slide # 1 Download From
Evaluating and Optimizing IP Lookup on Many Core Processors Author: Peng He, Hongtao Guan, Gaogang Xie and Kav´e Salamatian Publisher: International Conference.
Accelerating Multi-Pattern Matching on Compressed HTTP Traffic Dr. Anat Bremler-Barr (IDC) Joint work with Yaron Koral (IDC), Infocom[2009]
Author : Tzu-Fang Sheu,Nen-Fu Huang and Hsiao-Ping Lee Publisher : IEEE Globecom, 2006 Presenter : Tsung-Lin Hsieh Date : 2012/05/16 1.
Gnort: High Performance Network Intrusion Detection Using Graphics Processors Date:101/2/15 Publisher:ICS Author:Giorgos Vasiliadis, Spiros Antonatos,
Tries 07/28/16 11:04 Text Compression
A DFA with Extended Character-Set for Fast Deep Packet Inspection
Mark Redekopp David Kempe
CSE7701: Research Seminar on Networking
Ambika Shrestha Chitrakar Prof. Slobodan Petrovic
HEXA: Compact Data Structures for Faster Packet Processing
James Logan CS526 Dr. Chow April 29, 2009
KUO-KUN TSENG, YUAN-CHENG LAI, YING-DAR LIN, and TSERN-HUEI LEE
Using decision trees to improve signature-based intrusion detection
Pipelined Architecture for Multi-String Matching
Author: Yaron Weinsberg ,Shimrit Tzur-David ,Danny Dolev and Tal Anker
High-Performance Pattern Matching for Intrusion Detection
2019/10/19 Efficient Software Packet Processing on Heterogeneous and Asymmetric Hardware Architectures Author: Eva Papadogiannaki, Lazaros Koromilas, Giorgos.
Presentation transcript:

Modified Data Structure of Aho-Corasick Project ECE-526 Spring 2006 Benfano Soewito, Ed Flanigan and John Pangrazio Southern Illinois University Carbondale

Introduction Aho-Corasick Algorithm is used to implement rule checking for Snort type Intrusion Detection Systems. IDS Sensors are currently placed on hosts and end nodes Can prevent damage sooner if at core of network

Previous work A pattern matching machine for the set of keywords {he, she, his, hers} It has 256 next state pointers which use large amounts memory

Aho-Corasick Aho-Corasick: Multi-pattern string matching Time linear in the size of input How it works: Construct the state machine The state machine starts in the empty root node Each pattern is added to the state machine Failure pointers are added from each node to the longest prefix

Methodology Goal in this project: Modify the Aho-Corasick algorithm to use less space in memory. Methodology: Use a single pointer instead 256 pointers Use 256 bit bitmap

Methodology Diagram Bitmap Data Structure

Expected result Use of memory efficient algorithm will allow implementation of Snort rules in a memory of 1.5Mb instead of 60Mb. Allows the rules to be stored in SRAM on a router/switch instead of independent host Uses fewer memory lookups and faster search method.

Results: Execution Time String Matches # Str1K10K

Results: Execution Time String Matches # Str1K10K

Results: Memory

Results StringsNodesPointers Non Bitmap MEM Aho (KB) MEM Bitmap (KB) Statistic of Rules/strings Total %

Discussion Memory use linear with respect to number of strings Execution time impact dependent on number of string matches –Minimal Bitmap Computation Overhead

References A. V. Aho and M. J. Corasick. Efficient string matching: An aid to bibliographic search. Communications of the ACM, 18(6):333–340, By G. Varghese, T. Sherwood, N. Tuck and Brad Calder. "Deterministic Memory-Efficient String Matching Algorithms for Intrusion Detection“ R. S. Boyer and J. S. Moore. A fast string searching algorithm