Tree-based string pattern matching on FPGAs
详细信息 查看全文
- 作者:Oğuzhan Erdem ; ogerdem@trakya.edu.tr" class="auth_mail" title="E-mail the corresponding author ; ogerdem@gmail.com" class="auth_mail" title="E-mail the corresponding authorAuthor Vitae
- 关键词:String matching ; Intrusion detection ; FPGA ; Binary tree ; NIDS
- 刊名:Computers & Electrical Engineering
- 出版年:2016
- 出版时间:January 2016
- 年:2016
- 卷:49
- 期:Complete
- 页码:117-133
- 全文大小:771 K
文摘
Network intrusion detection systems (NIDSs) monitor Internet Protocol (IP) traffic to detect anomalous and malicious activities on a network. Despite the plethora of studies in this field, hardware-based string matching engines that can accommodate the advancements in optical networking technology are still in high demand. Furthermore, memory efficient data structures to store intrusion patterns have recently received a great deal of research attention. In this paper, we introduce a tree-based pattern matching (TPM) scheme that comprises a forest of Binary Search Tree (BST) data structures and an accommodating high-throughput multi-pipelined architecture for scalable string matching on hardware. To improve the resource efficiency in hardware implementations, we enhanced TPM scheme (extended-TPM) with two novel tree structures, namely BST-epsilon (BST∊) and hierarchical BST (H-BST). Our entire design accomplishes a memory efficiency of 1.07 bytes/char for the latest Snort dictionary. Utilizing a state-of-the-art Field Programmable Gate Arrays (FPGAs), TPM architecture can sustain a throughput of 2.7 Gbps.