
Over 10Gbps String Matching Mechanism for Multi-stream Packet Scanning Systems

  • Conference paper
Field Programmable Logic and Application (FPL 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3203)


Abstract

In this paper, we propose a string matching method for high-speed multi-stream packet scanning on FPGA. Our algorithm is capable of lightweight switching between streams, which makes multi-stream scanners easy to implement. Our method also achieves high throughput: using a Xilinx XC2V6000-6 FPGA, we achieved 32Gbps for a 1000-character rule set and 14Gbps for a 2000-character one. Rules can be updated by reconfiguration, and we implemented a converter that automatically generates the matching unit from the given rules.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sugawara, Y., Inaba, M., Hiraki, K. (2004). Over 10Gbps String Matching Mechanism for Multi-stream Packet Scanning Systems. In: Becker, J., Platzner, M., Vernalde, S. (eds) Field Programmable Logic and Application. FPL 2004. Lecture Notes in Computer Science, vol 3203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30117-2_50


  • DOI: https://doi.org/10.1007/978-3-540-30117-2_50

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22989-6

  • Online ISBN: 978-3-540-30117-2

  • eBook Packages: Springer Book Archive
