Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Pattern-Matching Scheme With High Throughput Performance and Low Memory Requirement Author: Tsern-Huei Lee, Nai-Lun Huang Publisher: TRANSACTIONS ON.

Published byDarlene Waters Modified over 9 years ago

Similar presentations

Presentation on theme: "A Pattern-Matching Scheme With High Throughput Performance and Low Memory Requirement Author: Tsern-Huei Lee, Nai-Lun Huang Publisher: TRANSACTIONS ON."— Presentation transcript:

1 A Pattern-Matching Scheme With High Throughput Performance and Low Memory Requirement Author: Tsern-Huei Lee, Nai-Lun Huang Publisher: TRANSACTIONS ON NETWORKING,2012 Presenter: Jia-Wei,Yu Date: 2013/3/6 1

2 Introduction 2 This paper presents a pattern-matching architecture with high throughput performance and low memory requirements. Similar to the WM algorithm. Shift table is replaced by Membership query module and Master bitmap. Prefix table is replaced by compressed AC.

3 Architecture 3

4 Pre-filter design (1/6) Pattern set : abcde, cdefg, ijklmn Window = 5, block = 2 4

5 Pre-filter design (2/6) Input data : xyzcdabcde MB (master bitmap) = 1111 xyzcdabcde QB (query bitmap) = 1010 MB = MB & QB = 1010 5

6 Pre-filter design (3/6) MB = 1010 Shift = m-k+1-r full match ? shift = 5 – 2 + 1 – 3 = 1 => 1 : full match, 0 : do nothing MB = MB >> 1 MB = 1101 Filled with 1’s for the holes left by the shift. 6

7 Pre-filter design (4/6) xyzcdabcde MB = 1101 QB = 0000 MB = MB & QB = 0000, shift 4 => MB = 1111 7

8 Pre-filter design (5/6) xyzcdabcde MB = 1111 QB = 0101 MB = MB & QB = 0101, do full match, shift 2 => MB = 1101 8

9 Pre-filter design (6/6) Input data : xxxdefxxx MB = 1111, QB = 0010 MB = MB & QB = 0010, we can shift 1 byte Possible : xxdex Impossible : xdexx, dexxx Input data : xxxdefxxx MB = 1001, QB = ???? Can shift 3 bytes or more. 9

10 Verification engine (1/5) 10

11 Verification engine (2/5) Branch state First single child state Leaf state / match state 11

12 Verification engine (3/5) 12

13 Verification engine (4/5) Our design needs two bits for every explicit state to indicate its type (branch, single-child, or leaf) and another bit to indicate whether or not a match is found in the state. 13

14 Verification engine (5/5) Compacted_Patterns 14

15 Experimental result (1/6) 15 The experiments are conducted on a PC with an Intel Pentium 4 CPU operating at 2.80 GHz with 512 MB of RAM, 8 kB L1 data cache, and 512 kB L2 cache. The entire ClamAV pattern set is used, containing 29179 string signatures. The minimum, maximum, average, and total lengths of the signatures are 10, 210, 66.43, and 1938433 B, respectively. The total number of states generated by the AC algorithm is 1844895. Input data : 2.2 MB

16 Experimental result (2/6) 16

17 Experimental result (3/6) 17

18 Experimental result (4/6) 18

19 Experimental result (5/6) If the average size of a malicious program is 1 kB, then the respective fraction of malicious traffic for 10, 100, or 1000 signatures is about 0.45%, 4.5%, or 45%. 19

20 Experimental result (6/6) 20

Download ppt "A Pattern-Matching Scheme With High Throughput Performance and Low Memory Requirement Author: Tsern-Huei Lee, Nai-Lun Huang Publisher: TRANSACTIONS ON."

Similar presentations

Multipattern String Matching On A GPU Author: Xinyan Zha, Sartaj Sahni Publisher: 16th IEEE Symposium on Computers and Communications Presenter: Ye-Zhi.

Multipattern String Matching On A GPU Author: Xinyan Zha, Sartaj Sahni Publisher: 16th IEEE Symposium on Computers and Communications Presenter: Ye-Zhi.
Space-Time Tradeoffs in Software-based Deep Packet Inspection Author: Anat Bremler-Barr, Yotam Harchol, and David Hay Published in Proc. IEEE HPSR 2011.

Space-Time Tradeoffs in Software-based Deep Packet Inspection Author: Anat Bremler-Barr, Yotam Harchol, and David Hay Published in Proc. IEEE HPSR 2011.
Author : Xinming Chen,Kailin Ge,Zhen Chen and Jun Li Publisher : ANCS, 2011 Presenter : Tsung-Lin Hsieh Date : 2011/12/14 1.

Author : Xinming Chen,Kailin Ge,Zhen Chen and Jun Li Publisher : ANCS, 2011 Presenter : Tsung-Lin Hsieh Date : 2011/12/14 1.
Chapter 6 Computer Architecture

Chapter 6 Computer Architecture
Reviewer: Jing Lu Gigabit Rate Packet Pattern- Matching Using TCAM Fang Yu, Randy H. Katz T. V. Lakshman UC Berkeley Bell Labs, Lucent ICNP’2004.

Reviewer: Jing Lu Gigabit Rate Packet Pattern- Matching Using TCAM Fang Yu, Randy H. Katz T. V. Lakshman UC Berkeley Bell Labs, Lucent ICNP’2004.
SKELETON BASED PERFORMANCE PREDICTION ON SHARED NETWORKS Sukhdeep Sodhi Microsoft Corp Jaspal Subhlok University of Houston.

SKELETON BASED PERFORMANCE PREDICTION ON SHARED NETWORKS Sukhdeep Sodhi Microsoft Corp Jaspal Subhlok University of Houston.
Pipelined Parallel AC-based Approach for Multi-String Matching Department of Computer Science and Information Engineering National Cheng Kung University,

Pipelined Parallel AC-based Approach for Multi-String Matching Department of Computer Science and Information Engineering National Cheng Kung University,
Bitmap Index Buddhika Madduma 22/03/2010 Web and Document Databases - ACS-7102.

Bitmap Index Buddhika Madduma 22/03/2010 Web and Document Databases - ACS-7102.
Power Efficient IP Lookup with Supernode Caching Lu Peng, Wencheng Lu*, and Lide Duan Dept. of Electrical & Computer Engineering Louisiana State University.

Power Efficient IP Lookup with Supernode Caching Lu Peng, Wencheng Lu*, and Lide Duan Dept. of Electrical & Computer Engineering Louisiana State University.
Linux Vs. Windows NT Memory Management Hitesh Kumar

Linux Vs. Windows NT Memory Management Hitesh Kumar
Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:

Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:
1 A Virus Scanning Engine Using a Parallel Finite-Input Memory Machine and MPUs Author: Hiroki Nakahara, Tsutomu Sasao, Munehiro Matsuura, and Yoshifumi.

1 A Virus Scanning Engine Using a Parallel Finite-Input Memory Machine and MPUs Author: Hiroki Nakahara, Tsutomu Sasao, Munehiro Matsuura, and Yoshifumi.
1 FPGA-based ROM-free network intrusion detection using shift-OR circuit Department of Computer Science and Information Engineering National Cheng Kung.

1 FPGA-based ROM-free network intrusion detection using shift-OR circuit Department of Computer Science and Information Engineering National Cheng Kung.
Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.
Parallel-Search Trie-based Scheme for Fast IP Lookup

Parallel-Search Trie-based Scheme for Fast IP Lookup
1 Accelerating Multi-Patterns Matching on Compressed HTTP Traffic Authors: Anat Bremler-Barr, Yaron Koral Presenter: Chia-Ming,Chang Date: 2009.9.1 Publisher/Conf.

1 Accelerating Multi-Patterns Matching on Compressed HTTP Traffic Authors: Anat Bremler-Barr, Yaron Koral Presenter: Chia-Ming,Chang Date: Publisher/Conf.
Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.

Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.
An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.

An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.
1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:

1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:
1 Scalable Pattern-Matching via Dynamic Differentiated Distributed Detection (D 4 ) Author: Kai Zheng, Hongbin Lu Publisher: GLOBECOM 2008 Presenter: Han-Chen.

1 Scalable Pattern-Matching via Dynamic Differentiated Distributed Detection (D 4 ) Author: Kai Zheng, Hongbin Lu Publisher: GLOBECOM 2008 Presenter: Han-Chen.

Similar presentations

Ads by Google