Presentation is loading. Please wait.

Presentation is loading. Please wait.

High-Performance Pattern Matching for Intrusion Detection

Published byΑκακαλλις Μπουκουβαλαίοι Modified over 5 years ago

Similar presentations

Presentation on theme: "High-Performance Pattern Matching for Intrusion Detection"— Presentation transcript:

1 High-Performance Pattern Matching for Intrusion Detection
IEEE Infocom 2006

2 Contents Background: AC algorithm BFSM Optimizations to BFSM
The implementation of BFSM Experimental Results

3 The AC Algorithm P={he, she, his, hers}

4 The AC Algorithm P={he, she, his, hers}

5 The AC Algorithm P={he, she, his, hers}

6 The AC Algorithm The Non-deterministic Finite Automaton (NFA)

7 The AC Algorithm Convert NFA to DFA (deterministic FA)

8 The AC Algorithm The Standard AC State Node Implementation:
struct ac_node { int * next_state[256]; rule * match_rule_list; }

9 The BFSM Algorithm Concentrate on DFA
Mainly a novel implementation of DFA The work is based on implementation on hardware, FPGA or ASIC.

10 The BFSM Algorithm The transition rules The description of BFSM
*Rule Selection Policy *State Clusters for scalability purpose

11 The BFSM Algorithm The transition rules

12 The BFSM Algorithm The block diagram of BFSM

13 The BFSM Algorithm Rule Selector Policy: Balanced Routing Table Searching Algorithm

14 The BFSM Algorithm Balanced Routing Table Searching Algorithm:
** The maximum number of collisions for every hash index is no more than a configurable bound P. The index bits: ** optimally selected by an update function

15 The BFSM Algorithm State Clusters: Improve the Scalability

16 The BFSM Algorithm Optimizations to BFSM: Don’t-care rules

17 The BFSM Algorithm State Encoding & Index Calculation

18 The Implementation of BFSM
Transition-rule Generation Distributed BFSM Approach Dynamic Incremental Updates Case Sensitivity and Regular Expression

19 The Implementation of BFSM
Introduction: Three examples Example1: P={“pattern”}

20 The Implementation of BFSM
Introduction: Three examples Example1: P={“pattern”}

21 The Implementation of BFSM
Introduction: Three examples Example2: P={“tesing”, ”pattern”}

22 The Implementation of BFSM
Example2: P={“tesing”, ”pattern”}

23 The Implementation of BFSM
Example3: P={“tesing”, ”testcase”}

24 The Implementation of BFSM
Example3: P={“tesing”, ”testcase”}

25 The Implementation of BFSM
Transition-Rule Generation

26 The Implementation of BFSM
Transition-Rule Generation

27 The Implementation of BFSM
Transition-Rule Generation

28 The Implementation of BFSM
Transition-Rule Generation

29 The Implementation of BFSM
Transition-Rule Generation

30 The Implementation of BFSM
Transition-Rule Generation P={“tesing”, ”testcase”}

31 The Implementation of BFSM
Distributed BFSM Approach

32 The Implementation of BFSM
Distributed BFSM Approach ** Improved performance ** Increased storage efficiency ** Increased flexibility

33 The Implementation of BFSM
Distributed BFSM Approach

34 The Implementation of BFSM
Case Sensitivity & Regular Expression Case Sensitivity: ** Process Separately

35 The Implementation of BFSM
Regular Expressions P={“abd|D”, ab*c}

36 The Implementation of BFSM
Dynamic Incremental Updates ** creating copies of the modified transition-rule tables ** creating the entire updated B-FSM and switching while reach state S0

37 The Pattern Matching Engine

38 Performance

39 Performance

40 Performance

41 Performance Virtex-4 with 1MB of block RAM 2K patterns 2~10 Gbps
ASIC: at least 20Gbps

42 Discussion!

Download ppt "High-Performance Pattern Matching for Intrusion Detection"

Similar presentations

4b Lexical analysis Finite Automata

4b Lexical analysis Finite Automata
Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.

Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.
CPSC 325 - Compiler Tutorial 4 Midterm Review. Deterministic Finite Automata (DFA) Q: finite set of states Σ: finite set of “letters” (input alphabet)

CPSC Compiler Tutorial 4 Midterm Review. Deterministic Finite Automata (DFA) Q: finite set of states Σ: finite set of “letters” (input alphabet)
Multi-dimensional Packet Classification on FPGA: 100Gbps and Beyond

Multi-dimensional Packet Classification on FPGA: 100Gbps and Beyond
1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.

1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.
DFA Minimization Jeremy Mange CS 6800 Summer 2009.

DFA Minimization Jeremy Mange CS 6800 Summer 2009.
Finite Automata CPSC 388 Ellen Walker Hiram College.

Finite Automata CPSC 388 Ellen Walker Hiram College.
Efficient Memory Utilization on Network Processors for Deep Packet Inspection Piti Piyachon Yan Luo Electrical and Computer Engineering Department University.

Efficient Memory Utilization on Network Processors for Deep Packet Inspection Piti Piyachon Yan Luo Electrical and Computer Engineering Department University.
Compiler Construction

Compiler Construction
Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:

Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:
Authors: Raphael Polig, Kubilay Atasu, and Christoph Hagleitner Publisher: FPL, 2013 Presenter: Chia-Yi, Chu Date: 2013/10/30 1.

Authors: Raphael Polig, Kubilay Atasu, and Christoph Hagleitner Publisher: FPL, 2013 Presenter: Chia-Yi, Chu Date: 2013/10/30 1.
A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems Authors: Seongwook Youn and Dennis McLeod Presenter:

A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems Authors: Seongwook Youn and Dennis McLeod Presenter:
1 Searching Very Large Routing Tables in Wide Embedded Memory Author: Jan van Lunteren Publisher: GLOBECOM 2001 Presenter: Han-Chen Chen Date: 2010/01/06.

1 Searching Very Large Routing Tables in Wide Embedded Memory Author: Jan van Lunteren Publisher: GLOBECOM 2001 Presenter: Han-Chen Chen Date: 2010/01/06.
1 The scanning process Goal: automate the process Idea: –Start with an RE –Build a DFA How? –We can build a non-deterministic finite automaton (Thompson's.

1 The scanning process Goal: automate the process Idea: –Start with an RE –Build a DFA How? –We can build a non-deterministic finite automaton (Thompson's.
1 ReCPU:a Parallel and Pipelined Architecture for Regular Expression Matching Department of Computer Science and Information Engineering National Cheng.

1 ReCPU:a Parallel and Pipelined Architecture for Regular Expression Matching Department of Computer Science and Information Engineering National Cheng.
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
Modified Data Structure of Aho-Corasick Project ECE-526 Spring 2006 Benfano Soewito, Ed Flanigan and John Pangrazio Southern Illinois University Carbondale.

Modified Data Structure of Aho-Corasick Project ECE-526 Spring 2006 Benfano Soewito, Ed Flanigan and John Pangrazio Southern Illinois University Carbondale.
Deep Packet Inspection with Regular Expression Matching Min Chen, Danny Guo {michen, CSE Dept, UC Riverside 03/14/2007.

Deep Packet Inspection with Regular Expression Matching Min Chen, Danny Guo {michen, CSE Dept, UC Riverside 03/14/2007.
1 ARCHITECTURES FOR BIT-SPLIT STRING SCANNING IN INTRUSION DETECTION Author: Lin Tan, Timothy Sherwood Publisher: IEEE MICRO, 2006 Presenter: Hsin-Mao.

1 ARCHITECTURES FOR BIT-SPLIT STRING SCANNING IN INTRUSION DETECTION Author: Lin Tan, Timothy Sherwood Publisher: IEEE MICRO, 2006 Presenter: Hsin-Mao.
Presentation by : Samad Najjar Enhancing the performance of intrusion detection system using pre-process mechanisms Supervisor: Dr. L. Mohammad Khanli.

Presentation by : Samad Najjar Enhancing the performance of intrusion detection system using pre-process mechanisms Supervisor: Dr. L. Mohammad Khanli.

Similar presentations

Ads by Google