A Reconfigurable Multi-Byte Regular-Expression Matching Architecture for Signature-Based Intrusion Detection

A Reconfigurable Multi-Byte Regular-Expression Matching Architecture for Signature-Based Intrusion Detection

String/regular-expression matching is widely used in different applications. Our work is concerned with high-throughput regular-expression matching in the context of intrusion detection systems as it is the most computationally intensive part of the operation. The results, however, should be equally...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Badran, T.F., Ahmad, H.H., Abdelgawad, M.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Circuits
Clocks
Computer architecture
Computer networks
Exact-Pattern Matching
Field programmable gate arrays
Hardware
Intrusion detection
Reconfigurable Architecture
Reconfigurable architectures
Regular-Expression Matching
System performance
Throughput
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:String/regular-expression matching is widely used in different applications. Our work is concerned with high-throughput regular-expression matching in the context of intrusion detection systems as it is the most computationally intensive part of the operation. The results, however, should be equally applicable to other domains that require fast regular-expression matching. The major contribution of this paper is a reconfigurable architecture that performs regular-expression matching on a multi-byte per clock cycle basis. We are able to explore the system performance for different byte-processing rates - from 4 to 64 - by automating the VHDL-generation process and implementing the resulting circuits on a general- purpose FPGA. Theoretical expressions for resource usage (cost) as a function of byte-rate and pattern-length are also presented.
DOI:10.1109/ICTTA.2008.4530280