BBFEX: a bloom-bloomier filter extension for long patterns in FPGA-based pattern matching system (abstract only)
Page 285
Abstract
There are many pattern matching engines in Network Intrusion Detection Systems (NIDS) have been developed on FPGA-based platforms to accelerates the performance of pattern matching process in order to keep up with the gradually increasing in speed of current networks. However, those systems only support small number of short patterns which are not appropriate to large database such as Clam Antivirus patterns. In this paper, we propose Bloom-Bloomier Filter Extension (BBFex) as a practical pattern matching engine that handles large various-length pattern database. The basic idea in designing BBFex is the combination of Bloom Filter and Bloomier Filter to index patterns and an efficient pattern fragmenting method to split and to merge long patterns. Therefore, BBFex can recognize nearly 84,000 Clam Antivirus static patterns of which lengths vary from 4 to 255 characters with rather low on chip memory density, approximately 0.4 bits per character while keeping the off-chip memory access rate 5X lower compared to previous similar system and achieving throughput of 1.36 Gbps. In addition, BBFex is not only limited to Clam Antivirus database because its architecture is designed in respect to general character-based database. Moreover, as a hash-based system, BBFex does not require entire system reconfiguration when updating database.
References
[1]
Clamav official website, http://www.clamav.net.
[2]
T. Abuhmed, A. Mohaisen, and D. Nyang. Deep packet inspection for intrusion detection systems: A survey, 2007.
[3]
B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM,13:422--426, 1970.
[4]
B. Chazelle, J. Kilian, R. Rubinfeld, and A. Tal. The bloomier filter: an efficient data structure for static support lookup tables. In J. I. Munro, editor, Proceedings of the Fifteenth Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2004, New Orleans, Louisiana, USA, January 11-14, 2004, pages 30--39. SIAM, 2004.
[5]
S. Dharmapurikar, P. Krishnamurthy, T. S. Sproull, and J. W. Lockwood. Deep packet inspection using parallel bloom filters. IEEE Micro, 24(1):52--61, 2004.
[6]
J. Hasan, S. Cadambi, V. Jakkula, and S. T. Chakradhar. Chisel: A storage-efficient, collision-free hash-based network processing architecture. In 33rd International Symposium on Computer Architecture (ISCA 2006), June 17-21, 2006, Boston, MA, USA, pages 203--215. IEEE Computer Society, 2006.
[7]
J. Ho and G. Lemieux. Perg: A scalable fpga-based pattern-matching engine with consolidated bloomier filters. In ICECE Technology, 2008. FPT 2008. International Conference, pages 73--80. IEEE Computer Society, 2008.
[8]
G. Papadopoulos and D. N. Pnevmatikatos. Hashing + memory = low cost, exact pattern matching. In T. Rissa, S. J. E. Wilton, and P. H. W. Leong, editors, Proceedings of the 2005 International Conference on Field Programmable Logic and Applications (FPL), Tampere, Finland, August 24-26, 2005, pages 39--44. IEEE, 2005.
[9]
D. N. Pnevmatikatos and A. Arelakis. Variable-length hashing for exact pattern matching. In Proceedings of the 2006 International Conference on Field Programmable Logic and Applications (FPL), Madrid, Spain, August 28-30, 2006, pages 1--6. IEEE, 2006.
[10]
H. Song, S. Dharmapurikar, J. S. Turner, and J. W. Lockwood. Fast hash table lookup using extended bloom filter: an aid to network processing. In R. GuÜAl'rin, R. Govindan, and G. Minshall, editors, Proceedings of the ACM SIGCOMM 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Philadelphia, Pennsylvania, USA, August 22-26, 2005, pages 181--192. ACM, 2005.
[11]
I. Sourdis, D. Pnevmatikatos, S. Wong, and S. Vassiliadis. A reconfigurable perfect-hashing scheme for packet inspection. In in Proceedings of 15th Int. Conf. on Field Programmable Logic and Applications, pages 644--647, 2005.
[12]
T. N. Thinh and S. Kittitornkun. Systolic array for string matching in nids. In AsiaCSN '07: Proceedings of the Fourth IASTED Asian Conference on Communication Systems and Networks, pages 84--88, Anaheim, CA, USA, 2007. ACTA Press.
[13]
T. N. Tran, S. Kittitornkun, and S. Tomiyama. Applying cuckoo hashing for fpga-based pattern matching in nids/nips. IEEE International FPT Conference, pages 121--128, 2007.
Index Terms
- BBFEX: a bloom-bloomier filter extension for long patterns in FPGA-based pattern matching system (abstract only)
Recommendations
A high-speed and large-scale dictionary matching engine for Information Extraction systems
ASAP '13: Proceedings of the 2013 IEEE 24th International Conference on Application-specific Systems, Architectures and Processors (ASAP)Dictionary matching is a commonly used operation in Information Extraction (IE) systems. It involves matching a set of strings in a document against a dictionary of pre-defined patterns. In this paper, we describe a high performance and scalable ...
Efficient hardware support for pattern matching in network intrusion detection
Deep packet inspection forms the backbone of any Network Intrusion Detection (NID) system. It involves matching known malicious patterns against the incoming traffic payload. Pattern matching in software is prohibitively slow in comparison to current ...
Comments
Information & Contributors
Information
Published In
February 2011
300 pages
Copyright © 2011 Authors.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 27 February 2011
Check for updates
Author Tags
Qualifiers
- Poster
Conference
FPGA '11
Sponsor:
FPGA '11: ACM/SIGDA International Symposium on Field Programmable Gate Arrays
February 27 - March 1, 2011
CA, Monterey, USA
Acceptance Rates
Overall Acceptance Rate 125 of 627 submissions, 20%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 08 Mar 2025