
FPGA-Based Acceleration of Pattern Matching in YARA

  • Conference paper
Applied Reconfigurable Computing (ARC 2016)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9625)


Abstract

String and regular expression pattern matching is an integral part of intrusion detection systems, which use it to detect potential threats. YARA is a pattern matching framework that identifies malicious content by defining complex patterns and signatures. Software implementations of YARA on CPUs do not meet the throughput requirements of core networks. We present an FPGA-based hardware accelerator to boost the performance of pattern matching in the YARA framework. The proposed architecture consists of pattern matching engines organized as two-dimensional stages and pipelines. We implemented rulesets of sizes varying from 8 to 200 rules, with the total number of patterns ranging from 128 to 6000. Post place-and-route results demonstrate that the proposed design achieves throughput ranging from 12.85 Gbps to 21.8 Gbps. This is an improvement of 8.8× to 14.5× in comparison with the throughput of 1.45 Gbps for a software implementation on a state-of-the-art multi-core platform.

V.K. Prasanna—This work is supported by Chevron U.S.A. at the University of Southern California.




Correspondence to Shreyas G. Singapura.


© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Singapura, S.G., Yang, YH.E., Panangadan, A., Nemeth, T., Ng, P., Prasanna, V.K. (2016). FPGA-Based Acceleration of Pattern Matching in YARA. In: Bonato, V., Bouganis, C., Gorgon, M. (eds) Applied Reconfigurable Computing. ARC 2016. Lecture Notes in Computer Science, vol 9625. Springer, Cham. https://doi.org/10.1007/978-3-319-30481-6_26


  • DOI: https://doi.org/10.1007/978-3-319-30481-6_26


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30480-9

  • Online ISBN: 978-3-319-30481-6

  • eBook Packages: Computer Science, Computer Science (R0)
