A Fast Regular Expression Matching Engine for NIDS Applying Prediction Scheme Author: Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan and Binxing Fang Publisher:

Presentation transcript:

A Fast Regular Expression Matching Engine for NIDS Applying Prediction Scheme Author: Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan and Binxing Fang Publisher: Computers and Communication (ISCC), 2014 IEEE Symposium on Presenter: Ching-Hsuan Shih Date: 2014/12/23 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Outline: Introduction; Related Work; J-DFA Algorithm; State Prediction Technique; Hardware Implementation
National Cheng Kung University CSIE Computer & Internet Architecture Lab

Introduction (1/2)
Signature-based deep packet inspection has taken root as a dominant security mechanism in networking devices and computer systems. Regular expressions are more expressive than simple string patterns and are therefore able to describe a wider variety of payload signatures.

Introduction (2/2)
We develop a new DFA compression algorithm, called J-DFA, that combines a clustering algorithm with an encoding scheme. The compression ratio reaches about 99%.
We develop a state prediction method for J-DFA. The prediction success rate of J-DFA reaches more than 99.5%.
Based on J-DFA, we design a regular expression matching engine with a state prediction unit on the newest Xilinx Virtex-7 chip. The throughput ranges from 230 Gbps to 430 Gbps.

Related Work
D2FA [7]: Kumar et al. observed that two states (S1, S2) often share many identical next states for the same input characters. D2FA eliminates S1's transitions by introducing a default transition from S1 to S2.
δFA [8]: They record the transition set of the current state in a local memory and store only the differences between the current state and the next-hop state.
A-DFA [10]: By introducing the notion of "state depth", A-DFA constructs nearly optimal default paths. Compared with D2FA, A-DFA results in at most 2N state traversals when processing an input string of length N.

J-DFA Algorithm (1/2)
The J-DFA algorithm is based on the following observation: almost every state has multiple similar states, with very few differing transitions between them. The transition table can be divided into one or more groups by putting similar states together.

J-DFA Algorithm (2/2)
The J-DFA algorithm has two steps. First, decompose a DFA using a clustering algorithm. Second, further compress the storage space using a run-length encoding scheme.

State Prediction Technique
When the input character c arrives, the prediction fails if the next state S_common(c) is not equal to S_current(c). Except for Bro217, the failure rate of J-DFA is lower than 0.5%. For some cases, the failure rate is 0%.
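An added illustration, not code from the slides or the paper: a simplified software sketch of the idea on the J-DFA and state-prediction slides. It groups similar states, keeps one run-length-encoded common row per group plus per-state differences, and counts a prediction failure whenever S_common(c) differs from S_current(c). The greedy grouping rule, the 4-symbol alphabet and the sample DFA are assumptions constructed for the example.

```python
from itertools import groupby

ALPHABET = "abcd"  # constructed 4-symbol alphabet; a real NIDS DFA has 256 columns

# Constructed DFA for the pattern "abc" (state 3 is a sticky accepting state).
DFA = {
    0: [1, 0, 0, 0],
    1: [1, 2, 0, 0],
    2: [1, 0, 3, 0],
    3: [3, 3, 3, 3],
}

def cluster(table, max_diff=1):
    """Greedy grouping (assumed rule): join the first group whose seed row
    differs from this state's row in at most max_diff transitions."""
    groups = []
    for state, row in table.items():
        for group in groups:
            if sum(a != b for a, b in zip(row, table[group[0]])) <= max_diff:
                group.append(state)
                break
        else:
            groups.append([state])
    return groups

def compress(table):
    """Per group: common row, its run-length encoding, per-state exceptions."""
    out = {}
    for group in cluster(table):
        cols = list(zip(*(table[s] for s in group)))
        common = [max(sorted(set(col)), key=col.count) for col in cols]
        rle = [(nxt, len(list(run))) for nxt, run in groupby(common)]
        diffs = {s: {i: n for i, n in enumerate(table[s]) if n != common[i]}
                 for s in group}
        out[tuple(group)] = (common, rle, diffs)
    return out

def match(table, text, start=0):
    """Walk the compressed table; a prediction fails when the group's common
    next state S_common(c) differs from the state's own S_current(c)."""
    comp = compress(table)
    group_of = {s: key for key in comp for s in key}
    state, failures = start, 0
    for ch in text:
        i = ALPHABET.index(ch)
        common, _, diffs = comp[group_of[state]]
        actual = diffs[state].get(i, common[i])
        failures += actual != common[i]
        state = actual
    return state, failures
```

On the constructed input "aabcd" the walk ends in the accepting state with two failed predictions, both on transitions stored as per-state exceptions.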

Hardware Implementation (1/2)
A. Mapping of State Prediction Scheme

Hardware Implementation (2/2)
B. J-DFA Regex Matching Engine

Hardware Implementation (2/2)
C. Performance Evaluation: Xilinx Virtex-7 FPGA chip
