An FPGA-Based Algorithm to Accelerate Regular Expression Matching

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Abstract

State-of-the-art Network Intrusion Detection Systems (NIDSs) use regular expressions (REs) to detect attacks or vulnerabilities. To keep up with ever-increasing speeds, more and more NIDSs need to be implemented in dedicated hardware. A major bottleneck is that NIDSs scan incoming packets just one byte at a time, which greatly limits their throughput. In addition, huge memory consumption limits their practicability. In this paper, we propose an algorithm for regular expression matching that consumes multiple characters at a time while maintaining memory efficiency. It includes three ideas: (1) top-k state extraction; (2) variable-stride acceleration; (3) DFA compression. We tested our algorithm on several real-life RE rulesets. The experimental results show that it performs well in both memory efficiency and throughput. It can achieve an efficiency ratio 14–22x that of the original DFA on the Bro and Snort rulesets, and 2–7x that of the original DFA on the l7_filter ruleset.

Notes

  1. Paper [10] focuses on whether a char is a Leaving Char, whereas we focus on whether a transition is a Leaving transition.

  2. 4’b110x, 4’b10xx, where x denotes 0 or 1.

References

  1. Roesch, M., et al.: Snort: lightweight intrusion detection for networks. In: LISA, vol. 99, no. 1, pp. 229–238 (1999)

  2. Hopcroft, J.E.: Introduction to Automata Theory, Languages, and Computation. Pearson Education, India (1979)

  3. Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. ACM SIGCOMM Comput. Commun. Rev. 36(4), 339–350 (2006)

  4. Li, Y., Luo, X., Shao, X., Wei, D.: MDC-DFA: a multi-dimensional cube deterministic finite automata-based feature matching algorithm. In: 2015 Fifth International Conference on Information and Communication Technology Convergence (ICTC), pp. 1119–1124. IEEE (2015)

  5. Liu, C., Pan, Y., Chen, A., Wu, J.: A DFA with extended characterset for fast deep packet inspection. IEEE Trans. Comput. 63(8), 1925–1937 (2014)

  6. Liu, T., Liu, A.X., Shi, J., Sun, Y., Guo, L.: Towards fast and optimal grouping of regular expressions via DFA size estimation. IEEE/ACM J. Sel. Areas Commun. 32(10), 1797–1809 (2014)

  7. Brodie, B.C., Taylor, D.E., Cytron, R.K.: A scalable architecture for high-throughput regular-expression pattern matching. In: ACM SIGARCH Computer Architecture News, vol. 34, no. 2, pp. 191–202. IEEE Computer Society (2006)

  8. Bando, M., Artan, N.S., Chao, H.J.: Scalable lookahead regular expression detection system for deep packet inspection. IEEE/ACM Trans. Netw. 20(3), 699–714 (2012)

  9. Su, J., Chen, S., Han, B., Xu, C., Wang, X.: A 60GBps DPI prototype based on memory-centric FPGA. In: Proceedings of the 2016 Conference on ACM SIGCOMM 2016 Conference, pp. 627–628. ACM (2016)

  10. Liu, X., Shao, Z., Liu, X., Sum, N.: Fine-grained parallel regular expression matching for deep packet inspection. J. Comput. Res. Dev. 5(51), 1061–1070 (2014)

  11. Jiang, L., Dai, Q., Tang, Q., Tan, J., Fang, B.: A fast regular expression matching engine for NIDS applying prediction scheme. In: 2014 IEEE Symposium on Computers and Communication (ISCC), pp. 1–7. IEEE (2014)

  12. The Bro Network Security Monitor. http://www.bro.org

  13. Levandoski, J., Sommer, E., Strait, M., et al.: Application Layer Packet Classifier for Linux (2008)

  14. DARPA Intrusion Detection Data Sets. https://www.ll.mit.edu/ideval/data/

  15. Tang, Q., Jiang, L., Dai, Q., Su, M., Xie, H., Fang, B.: Rics-DFA: a space and time-efficient signature matching algorithm with reduced input character set. Concur. Comput.: Pract. Exp. (2016)

  16. Luchaup, D., Smith, R., Estan, C., Jha, S.: Speculative parallel pattern matching. IEEE Trans. Inf. Forensics Secur. 54(2), 438–451 (2011)

Acknowledgments

This work is supported by the National Science Foundation of China (NSFC) under grant No. 61402475, and the National Science and Technology Major Project under Grant No. 2017YFB0803003.

Author information

Corresponding author

Correspondence to Lei Jiang.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Yang, J., Jiang, L., Bai, X., Dai, Q., Su, M., Bhuiyan, M.Z.A. (2017). An FPGA-Based Algorithm to Accelerate Regular Expression Matching. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_39

  • DOI: https://doi.org/10.1007/978-3-319-72395-2_39

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72394-5

  • Online ISBN: 978-3-319-72395-2

  • eBook Packages: Computer Science, Computer Science (R0)
