Skip to main content
SpringerLink
Log in

Highly Space Efficient Counters for Perl Compatible Regular Expressions in FPGAs

  • Conference paper
Reconfigurable Computing: Architectures, Tools and Applications (ARC 2008)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4943))

Included in the following conference series:

  • 975 Accesses

Abstract

Signature based network intrusion detection systems (NIDS) rely on an underlying string matching engine that inspects each network packet against a known malicious pattern database. Traditional static pattern descriptions may not efficiently represent sophisticated attack signatures. Recently, most NIDSs have adopted regular expressions such as Perl compatible regular expressions (PCREs) to describe an attack signature, especially for polymorphic worms. PCRE is a superset of traditional regular expression, in which no counters are involved. However, this overloads the performance of software-based NIDSs, causing a big portion of their execution time to be dedicated to pattern matching. Over the past decade, hardware acceleration for the pattern matching has been studied extensively and a marginal performance has been achieved. Among hardware approaches, FPGA-based acceleration engines provide great flexibility because new signatures can be compiled and programmed into their reconfigurable architecture. As more and more malicious signatures are discovered, it becomes harder to map a complete set of malicious signatures specified in PCREs to an FPGA chip. Even worse is that the counters used in PCREs typically take a great deal of hardware resources. Therefore, we propose a space efficient SelectRAM counter for PCREs that involve counting. The design takes advantage of components that consist of a configurable logic block, and thus optimizes space usage. A set of PCRE blocks has been built in hardware to implement PCREs used in Snort/Bro. Experimental results show that the proposed sheme outperforms existing designs by at least 5-fold. Performance results are reported in this paper.

This project is partially supported by the Center for Infrastructure Assurance and Security at UTSA and US Air Force under grant #26-0202-10.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Snort: Snort intrusion detection system (2007), http://snort.org

  2. Bro: Intrusion detection system (2007), http://www.bro-ids.org

  3. PCRE: Perl compatible regular expressions (2007), http://www.pcre.org

  4. Lo, C.T.D., Tai, Y.G., Psarris, K., Hwang, W.J.: Super fast hardware string matching. In: Proc. of the 2006 IEEE International Conference on Field Programmable Technology, Bangkok, Thailand (December 2006)

    Google Scholar 

  5. Roan, H.C., Hwang, W.J., Lo, C.T.D.: Shift-or circuit for efficient network intrusion detection pattern matching. In: Proc. of the 16th International Conference on Field Programmable Logic and Applications (FPL 2006), Madrid, SPAIN (August 2006), pp. 785–790 (2006)

    Google Scholar 

  6. Aho, A., Sethi, R., Ullman, J.: Compilers - Principles, Techniques, and Tools, pp. 117–123 (1988)

    Google Scholar 

  7. Floyd, R., Ullman, J.: The compilation of regular expressions into integrated circuits. Journal of the ACM (JACM) 29, 603–622 (1982)

    Article  MATH  MathSciNet  Google Scholar 

  8. McNaughton, R., Yamada, H.: Regular expressions and state graphs for automata. IEEE Transactions on Electronic Computers 9, 39–47 (1960)

    Article  Google Scholar 

  9. Hutchings, B.L., Franklin, R., Carver, D.: Assisting network intrusion detection with reconfigurable hardware. In: Porc. of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM 2002), Napa, CA (April 2002), pp. 111–120 (2002)

    Google Scholar 

  10. Clark, C., Schimmel, D.: Scalable parallel pattern-matching on high-speed networks. In: Proc. of IEEE Symposium on Field-Programmable Custom Computing Machines (2004)

    Google Scholar 

  11. Sutton, P.: Partial character decoding for improved regular expression matching in fpgas. In: Proceedings of IEEE International Conference on Field-Programmable Technology (FPT), pp. 25–32 (2004)

    Google Scholar 

  12. Lin, C.H., Huang, C.T., Jiang, C.P., Chang, S.C.: Optimization of regular expression pattern matching circuits on fpga. In: DATE 2006: Proceedings of the Conference on Design, Automation and Test in Europe, pp. 12–17 (2006)

    Google Scholar 

  13. Brodie, B., Taylor, D., Cytron, R.: A scalable architecture for high-throughput regular-expression pattern matching. In: the 33rd International Symposium on Computer Architecture (ISCA 2006), pp. 191–202 (2006)

    Google Scholar 

  14. Baker, Z., Prasanna, V., Jung, H.J.: Regular expression software deceleration for intrusion detection systems. In: The 16th International Conference on Field Programmable Logic and Applications (August 2006), pp. 1–8 (2006)

    Google Scholar 

  15. Yusuf, S., Luk, W., Szeto, M.K.N., Osborne, W.: Unite: Uniform hardware-based network intrusion detection engine. In: Reconfigurable Computing: Architectures and Applications, pp. 389–400 (2006)

    Google Scholar 

  16. Bispo, J., Sourdis, I., Cardoso, J., Vassiliadis, S.: Regular expression matching for reconfigurable packet inspection. In: Proc. of the 16th International Conference on Field Programmable Logic and Applications (FPL 2006), Madrid, SPAIN (August 2006), pp. 119–126 (2006)

    Google Scholar 

  17. Bispo, J., Sourdis, I., Cardoso, J., Vassiliadis, S.: Synthesis of regular expressions targeting fpgas: Current status and open issues. In: Reconfigurable Computing: Architectures, Tools and Applicatins (June 2007), pp. 179–190 (2007)

    Google Scholar 

  18. Moscola, J., Lockwood, J., Loui, R., Pachos, M.: Implementation of a content-scanning module for an internet firwall. In: Proc. of IEEE Workshop on FPGAs for Custom Computing Machines, Napa, CA (April 2003), pp. 31–38 (2003)

    Google Scholar 

  19. Sidhu, R., Prasanna, V.K.: Fast regular expression matching using fpgas. In: Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines (April 2001), pp. 227–238 (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Texas at San Antonio,  

    Chia-Tien Dan Lo & Yi-Gang Tai

Authors
  1. Chia-Tien Dan Lo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yi-Gang Tai
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Roger Woods Katherine Compton Christos Bouganis Pedro C. Diniz

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lo, CT.D., Tai, YG. (2008). Highly Space Efficient Counters for Perl Compatible Regular Expressions in FPGAs. In: Woods, R., Compton, K., Bouganis, C., Diniz, P.C. (eds) Reconfigurable Computing: Architectures, Tools and Applications. ARC 2008. Lecture Notes in Computer Science, vol 4943. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78610-8_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-78610-8_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-78609-2

  • Online ISBN: 978-3-540-78610-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation