Optimization of Regular Expression Pattern Matching Circuits on FPGA Authors: Cheng-Hung Lin, Chih-Tsun Huang, Chang-Ping Jiang, and Shih-Chieh Chang Publisher:

Slides:



Advertisements
Similar presentations
Deep Packet Inspection: Where are We? CCW08 Michela Becchi.
Advertisements

OBJECTIVES Learn the history of HDL Development. Learn how the HDL module is structured. Learn the use of operators in HDL module. Learn the different.
Architecture-Specific Packing for Virtex-5 FPGAs
Massively Parallel Cuckoo Pattern Matching Applied For NIDS/NIPS  Author: Tran Ngoc Thinh, Surin Kittitornkun  Publisher: Electronic Design, Test and.
Prefix, Postfix, Infix Notation
Authors: Raphael Polig, Kubilay Atasu, and Christoph Hagleitner Publisher: FPL, 2013 Presenter: Chia-Yi, Chu Date: 2013/10/30 1.
Multithreaded FPGA Acceleration of DNA Sequence Mapping Edward Fernandez, Walid Najjar, Stefano Lonardi, Jason Villarreal UC Riverside, Department of Computer.
XFA : Faster Signature Matching With Extended Automata Author: Randy Smith, Cristian Estan and Somesh Jha Publisher: IEEE Symposium on Security and Privacy.
Pipelined Parallel AC-based Approach for Multi-String Matching Department of Computer Science and Information Engineering National Cheng Kung University,
1 Author: Ioannis Sourdis, Sri Harsha Katamaneni Publisher: IEEE ASAP,2011 Presenter: Jia-Wei Yo Date: 2011/11/16 Longest prefix Match and Updates in Range.
Moving NN Triggers to Level-1 at LHC Rates Triggering Problem in HEP Adopted neural solutions Specifications for Level 1 Triggering Hardware Implementation.
1 The scanning process Goal: automate the process Idea: –Start with an RE –Build a DFA How? –We can build a non-deterministic finite automaton (Thompson's.
1 ReCPU:a Parallel and Pipelined Architecture for Regular Expression Matching Department of Computer Science and Information Engineering National Cheng.
11 FPGA based High speed and low area cost pattern matching Authors: Jian Huang, Zongkai Yang, Xu Du, and Wei Liu Publisher: Proceedings of IEEE Symposium.
1 FPGA-based ROM-free network intrusion detection using shift-OR circuit Department of Computer Science and Information Engineering National Cheng Kung.
Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.
1 Multi-Core Architecture on FPGA for Large Dictionary String Matching Department of Computer Science and Information Engineering National Cheng Kung University,
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
1 Scalable Pattern Matching for High Speed Networks Authors: Christopher R.Clark and David E. Schemmel Publisher: Proceedings of IEEE Symposium on Field-
Build-In Self-Test of FPGA Interconnect Delay Faults Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.
A Signature Match Processor Architecture for Network Intrusion Detection Janardhan Singaraju, Long Bu and John A. Chandy Electrical and Computer Engineering.
1 ARCHITECTURES FOR BIT-SPLIT STRING SCANNING IN INTRUSION DETECTION Author: Lin Tan, Timothy Sherwood Publisher: IEEE MICRO, 2006 Presenter: Hsin-Mao.
Field Programmable Gate Array (FPGA) Layout An FPGA consists of a large array of Configurable Logic Blocks (CLBs) - typically 1,000 to 8,000 CLBs per chip.
Dr. Konstantinos Tatas ACOE201 – Computer Architecture I – Laboratory Exercises Background and Introduction.
SHOCK: A Worst-Case Ensured Sub-linear Time Pattern Matching Algorithm for Inline Anti-Virus Scanning Author: Nen-Fu Huang, Wen-Yen Tsai Publisher: IEEE.
 Author: Tsern-Huei Lee  Publisher: 2009 IEEE Transation on Computers  Presenter: Yuen-Shuo Li  Date: 2013/09/18 1.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.
Department of Computer Science and Engineering Applied Research Laboratory A TCP/IP Based Multi-Device Programming Circuit David V. Schuehler – Harvey.
(TPDS) A Scalable and Modular Architecture for High-Performance Packet Classification Authors: Thilan Ganegedara, Weirong Jiang, and Viktor K. Prasanna.
VHDL Project Specification Naser Mohammadzadeh. Schedule  due date: Tir 18 th 2.
SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher:
TFA : A Tunable Finite Automaton for Regular Expression Matching Author: Yang Xu, Junchen Jiang, Rihua Wei, Tang Song and H. Jonathan Chao Publisher: Technical.
Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs by Zachary K. Baker and Viktor K. Prasanna University of Southern California, Los.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author : Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.
1 Optimization of Regular Expression Pattern Matching Circuits on FPGA Department of Computer Science and Information Engineering National Cheng Kung University,
Author : Ioannis Sourdis, Vasilis Dimopoulos, Dionisios Pnevmatikatos and Stamatis Vassiliadis Publisher : ANCS’06 Presenter : Zong-Lin Sie Date : 2011/01/05.
Regular Expression Matching for Reconfigurable Packet Inspection Authors: Jo˜ao Bispo, Ioannis Sourdis, Jo˜ao M.P. Cardoso and Stamatis Vassiliadis Publisher:
Department of Computer Science and Engineering Applied Research Laboratory Architecture for a Hardware Based, TCP/IP Content Scanning System David V. Schuehler.
1 Synthesizing Datapath Circuits for FPGAs With Emphasis on Area Minimization Andy Ye, David Lewis, Jonathan Rose Department of Electrical and Computer.
A Dynamic Longest Prefix Matching Content Addressable Memory for IP Routing Author: Satendra Kumar Maurya, Lawrence T. Clark Publisher: IEEE TRANSACTIONS.
LOGIC OPTIMIZATION USING TECHNOLOGY INDEPENDENT MUX BASED ADDERS IN FPGA Project Guide: Smt. Latha Dept of E & C JSSATE, Bangalore. From: N GURURAJ M-Tech,
STRING SEARCHING ENGINE FOR VIRUS SCANNING Author : Derek Pao, Xing Wang, Xiaoran Wang, Cong Cao, Yuesheng Zhu Publisher : TRANSACTIONS ON COMPUTERS, 2012.
Memory-Efficient Regular Expression Search Using State Merging Author: Michela Becchi, Srihari Cadambi Publisher: INFOCOM th IEEE International.
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching Yao Song 11/05/2015.
Author : Weirong Jiang, Yi-Hua E. Yang, and Viktor K. Prasanna Publisher : IPDPS 2010 Presenter : Jo-Ning Yu Date : 2012/04/11.
TFA: A Tunable Finite Automaton for Regular Expression Matching Author: Yang Xu, Junchen Jiang, Rihua Wei, Yang Song and H. Jonathan Chao Publisher: ACM/IEEE.
Author: Weirong Jiang and Viktor K. Prasanna Publisher: ACM Symposium on Parallel Algorithms and Architectures, SPAA 2009 Presenter: Chin-Chung Pan Date:
A Fast Regular Expression Matching Engine for NIDS Applying Prediction Scheme Author: Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan and Binxing Fang Publisher:
LaFA Lookahead Finite Automata Scalable Regular Expression Detection Authors : Masanori Bando, N. Sertac Artan, H. Jonathan Chao Masanori Bando N. Sertac.
Prefix, Postfix, Infix Notation. Infix Notation  To add A, B, we write A+B  To multiply A, B, we write A*B  The operators ('+' and '*') go in between.
TRAFFIC CONTROL SIGNALS. With the name of ALLAH, the most BENEFICENT and the most MERCIFUL.
SRD-DFA Achieving Sub-Rule Distinguishing with Extended DFA Structure Author: Gao Xia, Xiaofei Wang, Bin Liu Publisher: IEEE DASC (International Conference.
B0110 Fabric and Trust ENGR xD52 Eric VanWyk Fall 2013.
How to use ISE Dept. of Info & Comm. Eng. Prof. Jongbok Lee.
Range Hash for Regular Expression Pre-Filtering Publisher : ANCS’ 10 Author : Masanori Bando, N. Sertac Artan, Rihua Wei, Xiangyi Guo and H. Jonathan Chao.
Counting bloom filters for pattern matching and anti-evasion at the wire speed Author: Gianni Antichi, Domenico Ficara, Stefano Giordano, Gregorio Procissi,
2018/4/27 PiDFA : A Practical Multi-stride Regular Expression Matching Engine Based On FPGA Author: Jiajia Yang, Lei Jiang, Qiu Tang, Qiong Dai, Jianlong.
Efficient Pattern Matching Algorithm for Memory Architecture
Accelerating Pattern Matching for DPI
Regular Expression Matching in Reconfigurable Hardware
Regular Expression Acceleration at Multiple Tens of Gb/s
Statistical Optimal Hash-based Longest Prefix Match
2018/11/19 Source Routing with Protocol-oblivious Forwarding to Enable Efficient e-Health Data Transfer Author: Shengru Li, Daoyun Hu, Wenjian Fang and.
SYNTHESIS OF SEQUENTIAL LOGIC
Speculative Parallel Pattern Matching
Scalable Memory-Less Architecture for String Matching With FPGAs
VHDL Introduction.
Power-efficient range-match-based packet classification on FPGA
High-Performance Pattern Matching for Intrusion Detection
2019/10/9 Regular Expression Matching for Reconfigurable Constraint Repetition Inspection Authors : Miad Faezipour and Mehrdad Nourani Publisher : IEEE.
Presentation transcript:

Optimization of Regular Expression Pattern Matching Circuits on FPGA Authors: Cheng-Hung Lin, Chih-Tsun Huang, Chang-Ping Jiang, and Shih-Chieh Chang Publisher: IEEE VLSI, 2007 Present: Pei-Hua Huang Date: 2014/02/19

Introduction Regular expressions are widely used in the network intrusion detection system (NIDS) to represent attack patterns Due to the rapid increase of network attacks and data traffic, traditional software-only NIDS may be too slow for networking needs many studies [1][2][3][4][5] proposed hardware architectures for accelerating attack detection the main challenges of hardware implementation is to accommodate the large number regular expressions to FPGAs 1

Introduction 2

3

Regular expressions for attacks’ description In Snort, two types of regular expression are used to describe attack patterns The first type defines exact string patterns such as "Ahhhh My Mouth Is Open.” The second type consists of meta-characters (^, $, |, *, ?) ex. “^GET[^s]{432}” 4

Minimization of regular expression circuits Given m regular expressions, R 1,R 2,…, R m, and assuming that all of them have the infix common sub-pattern, R c, the m regular expressions can be represented as R 1pre R c R 1post, R 2pre R c R 2post,…, and R mpre R c R mpost two additional circuit blocks are inserted The switch module is used to memorize where the trigger signal comes from DeMux (De-Multiplexer) to guide the output of R c to the correct postfix circuit 5

Minimization of regular expression circuits 6

The new architecture has two constraints Constraint 1: For the m regular expressions in Figure 4, {R 1pre R c R 1post, R 2pre R c R 2post, …, R mpre R c R mpost }, the prefix R jpre cannot be null for j ∈ 1...m 7 Pattern1: abcdefgh Pattern2: defpq

Constraint 2: For the m regular expressions in Figure 4, {R 1pre R c R 1post, R 2pre R c R 2post, …, R mpre R c R mpost }, the R c cannot be shared if R jpre ⊂ R kpre R c, ∀ k ≠ j, k, j ∈ 1…m 8 Pattern1: abcdefgh Pattern2: dedefpq

Regular expression module generator The sharing gain of a common sub-pattern is defined to be the number of characters in the sub-pattern multiplies by the number of regular expressions having the sub-pattern For example, three regular expressions, “1Common1”, “2Common2”, and “3Common3” have the common sub- pattern “Common.” The sharing gain of the common sub- pattern is 18=6*3 9

10

Basic components of NFA approach 11

Basic components of NFA approach 12

Experimental results the regular expression patterns from Snort and Trend Micro all circuits being synthesized by Xilinx ISE7.1i, where the target FPGA is Xilinx Virtex XCV2000E consisting of 19,200 slices 13

14

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.