Presentation is loading. Please wait.

Presentation is loading. Please wait.

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008 Microsystems and Nanoelectronics Research Conference 1 PERG: A Scalable Pattern-Matching.

Similar presentations


Presentation on theme: "T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008 Microsystems and Nanoelectronics Research Conference 1 PERG: A Scalable Pattern-Matching."— Presentation transcript:

1 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008 Microsystems and Nanoelectronics Research Conference 1 PERG: A Scalable Pattern-Matching Accelerator Johnny Ho and Guy Lemieux

2 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Motivation Rapid Growth of Computer Viruses Antivirus is Slow! Detection Bottleneck –Pattern-Matching Solution: Hardware Parallelism! 15 October 2008Microsystems and Nanoelectronics Research Conference 2

3 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Pattern-Matching Problem Given Fixed String Pattern P –Does P Exist in Input Datastream? Database of 100,000 Patterns? 15 October 2008Microsystems and Nanoelectronics Research Conference 3

4 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Do Patterns below appear in Data above? 72c3131372c35372c34382c35372c34382c33372c3131372c35372c34382c35372c34382c33372c 3131372c35332c35322c3130312c39382c33372c3131372c35352c35332c35362c39382c33372c3 131372c35362c39382c35312c39392c33372c3131372c35312c35332c35352c35322c33372c3131 372c34382c35312c35352c35362c33372c3131372c35332c35342c3130322c35332c33372c31313 72c35352c35342c35362c39382c33372c3131372c34382c35312c35302c34382c33372c3131372c 35312c35312c3130322c35332c33372c3131372c35322c35372c39392c35372c33372c3131372c3 9372c3130302c35322c34392c33372c3131372c3130302c39382c35312c35312c33372c3131372c 34382c31530065006e00640020006b00650079007300740072006f006b0065007300200065006e 00610062006c0065006400000030000000530065006e00640020006b0065007900730074007200 6f006b00650073002000640069007300610062006c0065006400000000001a00000043006f006e0 06e0065006300740065006400200074006f0020000000020000003a00000038000000540072006 1006e0073006600650072002000730065007300730069006f006e0020006500730074006100620 06c0069007300680065006400000000002c0000002000520065007600650072007300650020006 3006f006e006e0065006300740065006400200074006f002000000000002e0000004e006f002000 72006500730070006f006e00730065002000660072006f006d0020007300650072007600650072 0000001c0000004300610070007 15 October 2008Microsystems and Nanoelectronics Research Conference 4 30302c39382c35312c35312 82c33372c{2}313137d

5 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A What is The PERG ? Grep Spelled Backwards Software: Pattern Compiler Hardware: Configurable Architecture –FPGA (+ small SRAM) Performance Highlights –29x faster than Intel Core 2 Duo –29x better density than similar hardware engines 15 October 2008Microsystems and Nanoelectronics Research Conference 5

6 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Similar Problem: Network Security Network Intrusion Detection Systems (NIDS) –Deep-packet Inspection –Snort NIDS –Snort NIDS Pattern Database 15 October 2008Microsystems and Nanoelectronics Research Conference 6

7 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Similar Problem: Network Security Network Intrusion Detection Systems (NIDS) –Deep-packet Inspection –Snort Pattern Database 15 October 2008Microsystems and Nanoelectronics Research Conference 7

8 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Snort (NIDS) 15 October 2008Microsystems and Nanoelectronics Research Conference 8 Clam AntiVirus (ClamAV)

9 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008Microsystems and Nanoelectronics Research Conference 9 ClamAV Antivirus Snort NIDS Pattern Database Sizes

10 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A ClamAV Pattern Database 231,800 signatures –MD5 Checksums (63.1%) Software –Basic Patterns (34.6%) The PERG –Regular Expressions (2.3%) Future work 15 October 2008Microsystems and Nanoelectronics Research Conference 10

11 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008Microsystems and Nanoelectronics Research Conference 11 Existing PM Solutions Hardware Density Database Update Regular Expression Verification FSM (Aho Corsaik) LowDifficultYesNot Required Hash (Bloom Filter) HighEasyNoSlow The PERG Very High EasyYes * FPGA 2009 Fast

12 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Bloom Filter Hashing Pattern: “ABCD{4}EFG” Setup: Boolean Hash Table –Set TRUE at “ABCD” and “EFG” Operation: Hash Input String –Return FALSE – No Match –Return TRUE – Possible Match 15 October 2008Microsystems and Nanoelectronics Research Conference 12

13 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Bloom Filter Verification Aliasing False positives are detected Verification Necessary Exact-matching All Patterns All Patterns in Hash Table are possible Computationally expensive! Computationally expensive! 15 October 2008Microsystems and Nanoelectronics Research Conference 13

14 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Key Contributions Fast Verification –Use “Bloomier” Filters Perfect Hashing – Only 1 Pattern Possible –CRC – Fast Pattern Check –Dynamic Updates Improved Density (area) –Merge Bloomier Filters 15 October 2008Microsystems and Nanoelectronics Research Conference 14

15 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 15

16 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 16

17 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 17

18 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 18

19 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Filter Consolidation Example ABCD{4}EFG 15 October 2008Microsystems and Nanoelectronics Research Conference 19

20 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Pattern: Segmentation ABCD{4}EFG ABCD{7}EFG 15 October 2008Microsystems and Nanoelectronics Research Conference 20

21 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Pattern: Filter Mapping ABCD{4}EFG ABCD{7}EFG ABC{1}BCD{7}EFG 15 October 2008Microsystems and Nanoelectronics Research Conference 21

22 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Pattern: Filter Mapping ABCD{4}EFG ABCD{7}EFG ABC{1}BCD{7}EFG 15 October 2008Microsystems and Nanoelectronics Research Conference 22 123

23 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 23

24 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 24

25 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A The PERG Hardware 15 October 2008Microsystems and Nanoelectronics Research Conference 25 123

26 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Results # of Characters (Higher = Better) –8,224,848 characters The PERG – 68,266 characters Next-best NIDS # of Rules (Higher = Better) –80,282 rules The PERG – 5,026 rules Next-best NIDS Merged Hardware Resources –26 versus 261 filter units –11% versus 70% memory left unused 15 October 2008Microsystems and Nanoelectronics Research Conference 26 121x Better 16x Better 10x, 7x Better

27 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Throughput (Higher = Better) –190 MB/s The PERG – 6.5 MB/s Intel Core 2 Duo Density (Lower = Better) –0.3 bits/char The PERG –8.7 bits/char Next-best NIDS 15 October 2008Microsystems and Nanoelectronics Research Conference 27 29x Faster 29x Better Density Results

28 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Future Work Regular Expression Support –submitted to FPGA 2009 NIDS (Snort) database 15 October 2008Microsystems and Nanoelectronics Research Conference 28

29 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Thank You! 15 October 2008Microsystems and Nanoelectronics Research Conference 29

30 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Questions? 15 October 2008Microsystems and Nanoelectronics Research Conference 30 © Warner Bros and Legendary Pictures


Download ppt "T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 15 October 2008 Microsystems and Nanoelectronics Research Conference 1 PERG: A Scalable Pattern-Matching."

Similar presentations


Ads by Google