Presentation is loading. Please wait.

Presentation is loading. Please wait.

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008 Microsystems and Nanoelectronics Research Conference 1 PERG: A Scalable Pattern-Matching.

Similar presentations


Presentation on theme: "T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008 Microsystems and Nanoelectronics Research Conference 1 PERG: A Scalable Pattern-Matching."— Presentation transcript:

1 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008 Microsystems and Nanoelectronics Research Conference 1 PERG: A Scalable Pattern-Matching Accelerator Johnny Ho and Guy Lemieux

2 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Motivation Rapid Growth of Computer Viruses Antivirus is Slow! Detection Bottleneck –Pattern-Matching Solution: Hardware Parallelism! 15 October 2008Microsystems and Nanoelectronics Research Conference 2

3 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Pattern-Matching Problem Given Fixed String Pattern P –Does P Exist in Input Datastream? Database of 100,000 Patterns? 15 October 2008Microsystems and Nanoelectronics Research Conference 3

4 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Do Patterns below appear in Data above? 72c c35372c34382c35372c34382c33372c c35372c34382c35372c34382c33372c c35332c35322c c39382c33372c c35352c35332c35362c39382c33372c c35362c39382c35312c39392c33372c c35312c35332c35352c35322c33372c c34382c35312c35352c35362c33372c c35332c35342c c35332c33372c c35352c35342c35362c39382c33372c c34382c35312c35302c34382c33372c c 35312c35312c c35332c33372c c35322c35372c39392c35372c33372c c3 9372c c35322c34392c33372c c c39382c35312c35312c33372c c 34382c e b f006b e c e b f006b c a f006e0 06e f a e f006e c c f006e006e f e e006f f006e f006d c October 2008Microsystems and Nanoelectronics Research Conference c39382c35312c c33372c{2}313137d

5 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A What is The PERG ? Grep Spelled Backwards Software: Pattern Compiler Hardware: Configurable Architecture –FPGA (+ small SRAM) Performance Highlights –29x faster than Intel Core 2 Duo –29x better density than similar hardware engines 15 October 2008Microsystems and Nanoelectronics Research Conference 5

6 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Similar Problem: Network Security Network Intrusion Detection Systems (NIDS) –Deep-packet Inspection –Snort NIDS –Snort NIDS Pattern Database 15 October 2008Microsystems and Nanoelectronics Research Conference 6

7 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Similar Problem: Network Security Network Intrusion Detection Systems (NIDS) –Deep-packet Inspection –Snort Pattern Database 15 October 2008Microsystems and Nanoelectronics Research Conference 7

8 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Snort (NIDS) 15 October 2008Microsystems and Nanoelectronics Research Conference 8 Clam AntiVirus (ClamAV)

9 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008Microsystems and Nanoelectronics Research Conference 9 ClamAV Antivirus Snort NIDS Pattern Database Sizes

10 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A ClamAV Pattern Database 231,800 signatures –MD5 Checksums (63.1%) Software –Basic Patterns (34.6%) The PERG –Regular Expressions (2.3%) Future work 15 October 2008Microsystems and Nanoelectronics Research Conference 10

11 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008Microsystems and Nanoelectronics Research Conference 11 Existing PM Solutions Hardware Density Database Update Regular Expression Verification FSM (Aho Corsaik) LowDifficultYesNot Required Hash (Bloom Filter) HighEasyNoSlow The PERG Very High EasyYes * FPGA 2009 Fast

12 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Bloom Filter Hashing Pattern: “ABCD{4}EFG” Setup: Boolean Hash Table –Set TRUE at “ABCD” and “EFG” Operation: Hash Input String –Return FALSE – No Match –Return TRUE – Possible Match 15 October 2008Microsystems and Nanoelectronics Research Conference 12

13 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Bloom Filter Verification Aliasing False positives are detected Verification Necessary Exact-matching All Patterns All Patterns in Hash Table are possible Computationally expensive! Computationally expensive! 15 October 2008Microsystems and Nanoelectronics Research Conference 13

14 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Key Contributions Fast Verification –Use “Bloomier” Filters Perfect Hashing – Only 1 Pattern Possible –CRC – Fast Pattern Check –Dynamic Updates Improved Density (area) –Merge Bloomier Filters 15 October 2008Microsystems and Nanoelectronics Research Conference 14

15 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 15

16 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 16

17 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 17

18 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 18

19 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Filter Consolidation Example ABCD{4}EFG 15 October 2008Microsystems and Nanoelectronics Research Conference 19

20 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Pattern: Segmentation ABCD{4}EFG ABCD{7}EFG 15 October 2008Microsystems and Nanoelectronics Research Conference 20

21 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Pattern: Filter Mapping ABCD{4}EFG ABCD{7}EFG ABC{1}BCD{7}EFG 15 October 2008Microsystems and Nanoelectronics Research Conference 21

22 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Pattern: Filter Mapping ABCD{4}EFG ABCD{7}EFG ABC{1}BCD{7}EFG 15 October 2008Microsystems and Nanoelectronics Research Conference

23 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 23

24 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 24

25 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference

26 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Results # of Characters (Higher = Better) –8,224,848 characters The PERG – 68,266 characters Next-best NIDS # of Rules (Higher = Better) –80,282 rules The PERG – 5,026 rules Next-best NIDS Merged Hardware Resources –26 versus 261 filter units –11% versus 70% memory left unused 15 October 2008Microsystems and Nanoelectronics Research Conference x Better 16x Better 10x, 7x Better

27 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Throughput (Higher = Better) –190 MB/s The PERG – 6.5 MB/s Intel Core 2 Duo Density (Lower = Better) –0.3 bits/char The PERG –8.7 bits/char Next-best NIDS 15 October 2008Microsystems and Nanoelectronics Research Conference 27 29x Faster 29x Better Density Results

28 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Future Work Regular Expression Support –submitted to FPGA 2009 NIDS (Snort) database 15 October 2008Microsystems and Nanoelectronics Research Conference 28

29 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Thank You! 15 October 2008Microsystems and Nanoelectronics Research Conference 29

30 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Questions? 15 October 2008Microsystems and Nanoelectronics Research Conference 30 © Warner Bros and Legendary Pictures


Download ppt "T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008 Microsystems and Nanoelectronics Research Conference 1 PERG: A Scalable Pattern-Matching."

Similar presentations


Ads by Google