DOI: 10.1145/3406601.3406608
research-article

Exploration of Hardware Architectures for String Matching Algorithms in Network Intrusion Detection Systems

Published: 03 July 2020

ABSTRACT

An intrusion detection system monitors and analyzes all incoming packets on a given network to detect vulnerabilities and intrusions. It consists of four major modules: packet capturing, packet decoding, packet preprocessing and string/pattern matching. Among these, string matching is the most computationally intensive, and a number of hardware architectures and designs have already been proposed to accelerate it. Consequently, an exploration of existing hardware architectures for string matching algorithms is critical. This paper identifies the string matching algorithms and techniques most frequently used for hardware implementation. Subsequently, it explores various hardware architectures for the identified algorithms and techniques. Finally, the implementation details of the explored architectures are discussed in terms of the device used, hardware resources consumed, operational clock frequency and throughput.


Published in

IAIT '20: Proceedings of the 11th International Conference on Advances in Information Technology
July 2020
370 pages
ISBN: 9781450377591
DOI: 10.1145/3406601

Copyright © 2020 ACM

Publisher

Association for Computing Machinery, New York, NY, United States


Qualifiers

• research-article
• Research
• Refereed limited

Acceptance Rates

Overall Acceptance Rate: 20 of 47 submissions, 43%
