Multilevel pattern matching architecture for network intrusion detection and prevention system

Tian Song; Zhizhong Tang; Dongsheng Wang

doi:10.1007/978-3-540-72685-2_56

Multilevel pattern matching architecture for network intrusion detection and prevention system

Tian Song^*, Zhizhong Tang, Dongsheng Wang

^*Corresponding author for this work

Tsinghua University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Pattern matching is one of the most performance critical components in network intrusion detection and prevention system, which needs to be accelerated by carefully designed architectures. In this paper, we present a highly parameterized multilevel pattern matching architecture (MPM), which is implemented on FPGA by exploiting redundant resources among patterns for less chip area. In practice, MPM can be partitioned to several pipelines for high frequency. This paper also presents a pattern set compiler that can generate RTL codes of MPM with the given pattern set and predefined parameters. One MPM architecture is generated by our compiler based on Snort rules on Xilinx FPGA. The results show that MPM can achieve 4.3Gbps throughput with only 0.22 slices per character, about one half chip area than the most area-efficient architecture in literature. MPM can be parameterized potential for more than 100 Gbps throughput.

Original language	English
Title of host publication	Embedded Software and Systems - Third International Conference, ICESS 2007, Proceedings
Publisher	Springer Verlag
Pages	604-614
Number of pages	11
ISBN (Print)	3540726845, 9783540726845
DOIs	https://doi.org/10.1007/978-3-540-72685-2_56
Publication status	Published - 2007
Externally published	Yes
Event	3rd International Conference on Embedded Software and Systems, ICESS 2007 - Daegu, Korea, Republic of Duration: 14 May 2007 → 16 May 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4523 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	3rd International Conference on Embedded Software and Systems, ICESS 2007
Country/Territory	Korea, Republic of
City	Daegu
Period	14/05/07 → 16/05/07

Access to Document

10.1007/978-3-540-72685-2_56

Cite this

Song, T., Tang, Z., & Wang, D. (2007). Multilevel pattern matching architecture for network intrusion detection and prevention system. In Embedded Software and Systems - Third International Conference, ICESS 2007, Proceedings (pp. 604-614). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4523 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-72685-2_56

Song, Tian ; Tang, Zhizhong ; Wang, Dongsheng. / Multilevel pattern matching architecture for network intrusion detection and prevention system. Embedded Software and Systems - Third International Conference, ICESS 2007, Proceedings. Springer Verlag, 2007. pp. 604-614 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{20a66c498ebd4270bb4a83e6ede21c11,

title = "Multilevel pattern matching architecture for network intrusion detection and prevention system",

abstract = "Pattern matching is one of the most performance critical components in network intrusion detection and prevention system, which needs to be accelerated by carefully designed architectures. In this paper, we present a highly parameterized multilevel pattern matching architecture (MPM), which is implemented on FPGA by exploiting redundant resources among patterns for less chip area. In practice, MPM can be partitioned to several pipelines for high frequency. This paper also presents a pattern set compiler that can generate RTL codes of MPM with the given pattern set and predefined parameters. One MPM architecture is generated by our compiler based on Snort rules on Xilinx FPGA. The results show that MPM can achieve 4.3Gbps throughput with only 0.22 slices per character, about one half chip area than the most area-efficient architecture in literature. MPM can be parameterized potential for more than 100 Gbps throughput.",

author = "Tian Song and Zhizhong Tang and Dongsheng Wang",

year = "2007",

doi = "10.1007/978-3-540-72685-2_56",

language = "English",

isbn = "3540726845",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "604--614",

booktitle = "Embedded Software and Systems - Third International Conference, ICESS 2007, Proceedings",

address = "Germany",

note = "3rd International Conference on Embedded Software and Systems, ICESS 2007 ; Conference date: 14-05-2007 Through 16-05-2007",

}

Song, T, Tang, Z & Wang, D 2007, Multilevel pattern matching architecture for network intrusion detection and prevention system. in Embedded Software and Systems - Third International Conference, ICESS 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4523 LNCS, Springer Verlag, pp. 604-614, 3rd International Conference on Embedded Software and Systems, ICESS 2007, Daegu, Korea, Republic of, 14/05/07. https://doi.org/10.1007/978-3-540-72685-2_56

Multilevel pattern matching architecture for network intrusion detection and prevention system. / Song, Tian; Tang, Zhizhong; Wang, Dongsheng.
Embedded Software and Systems - Third International Conference, ICESS 2007, Proceedings. Springer Verlag, 2007. p. 604-614 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4523 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Multilevel pattern matching architecture for network intrusion detection and prevention system

AU - Song, Tian

AU - Tang, Zhizhong

AU - Wang, Dongsheng

PY - 2007

Y1 - 2007

N2 - Pattern matching is one of the most performance critical components in network intrusion detection and prevention system, which needs to be accelerated by carefully designed architectures. In this paper, we present a highly parameterized multilevel pattern matching architecture (MPM), which is implemented on FPGA by exploiting redundant resources among patterns for less chip area. In practice, MPM can be partitioned to several pipelines for high frequency. This paper also presents a pattern set compiler that can generate RTL codes of MPM with the given pattern set and predefined parameters. One MPM architecture is generated by our compiler based on Snort rules on Xilinx FPGA. The results show that MPM can achieve 4.3Gbps throughput with only 0.22 slices per character, about one half chip area than the most area-efficient architecture in literature. MPM can be parameterized potential for more than 100 Gbps throughput.

AB - Pattern matching is one of the most performance critical components in network intrusion detection and prevention system, which needs to be accelerated by carefully designed architectures. In this paper, we present a highly parameterized multilevel pattern matching architecture (MPM), which is implemented on FPGA by exploiting redundant resources among patterns for less chip area. In practice, MPM can be partitioned to several pipelines for high frequency. This paper also presents a pattern set compiler that can generate RTL codes of MPM with the given pattern set and predefined parameters. One MPM architecture is generated by our compiler based on Snort rules on Xilinx FPGA. The results show that MPM can achieve 4.3Gbps throughput with only 0.22 slices per character, about one half chip area than the most area-efficient architecture in literature. MPM can be parameterized potential for more than 100 Gbps throughput.

UR - http://www.scopus.com/inward/record.url?scp=38749092267&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-72685-2_56

DO - 10.1007/978-3-540-72685-2_56

M3 - Conference contribution

AN - SCOPUS:38749092267

SN - 3540726845

SN - 9783540726845

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 604

EP - 614

BT - Embedded Software and Systems - Third International Conference, ICESS 2007, Proceedings

PB - Springer Verlag

T2 - 3rd International Conference on Embedded Software and Systems, ICESS 2007

Y2 - 14 May 2007 through 16 May 2007

ER -

Song T, Tang Z, Wang D. Multilevel pattern matching architecture for network intrusion detection and prevention system. In Embedded Software and Systems - Third International Conference, ICESS 2007, Proceedings. Springer Verlag. 2007. p. 604-614. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-72685-2_56

Multilevel pattern matching architecture for network intrusion detection and prevention system

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this