A Hardware Accelerated Packet Processing Platform with Memory-Efficient Pattern Matching Engines
Date Issued
2008
Date
2008
Author(s)
Ieong, Tou
Abstract
A Network Intrusion Detection System (NIDS) collects known signatures of network threats and carries out pattern matching between packet payload and signatures to protect our network. Signatures are often represented by regular expressions and pattern matching occupied most of computing time in an NIDS. To keep the network operating at full speed, hardware accelerators are used in pattern matching. In this thesis, we extended the History based Counting Finite Automaton (H-cFA) to Bitmap H-cFA, which used a bitmap data structure to store the "walked" states and recorded the repeat count in a history buffer to reduce the total number of states in finite automata. Bitmap H-cFA not only kept the low memory characteristic but also provided more support in regular expression formats, making a more generalized pattern matching engine. We also presented a hardware accelerated packet processing platform, which allowed pattern matching intellectual properties (IPs) to be tested in FPGA. The proposed packet processing platform consisted of a packet payload extractor and a TCP packet header parser. It could easily be integrated with a pattern matching engine to test the system. We implemented the proposed packet processing platform and the pattern matching engine in a Xilinx ML405 FPGA development board and obtained a processing throughput of 231 Mbps.
Subjects
Pattern Matching
Regular Expressions
Packet Processing Platform
Type
thesis
File(s)![Thumbnail Image]()
Loading...
Name
ntu-97-R95921090-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):99532c320fcbbed9c41132f17228969d