Constraint Repetition Inspection for Regular Expression on FPGA

Author

Faezipour, Miad ; Nourani, Mehrdad

Author_Institution

Center for Integrated Circuits & Syst., Univ. of Texas at Dallas, Richardson, TX

fYear

2008

fDate

26-28 Aug. 2008

Firstpage

111

Lastpage

118

Abstract

Recent network intrusion detection systems (NIDS) use regular expressions to represent suspicious or malicious character sequences in packet payloads in a more efficient way. This paper introduces a new basic building block based on non-deterministic finite automata (NFA) hardware implementation to support complex constraint repetitions in regular expressions. This block is a customized counter capable of handling any type of constraint repetition, applicable to any sub-regular expression. We also introduce optimization techniques to reduce the area and improve the overall performance. We have implemented SNORT IDS regular expressions in hardware by taking advantage of the basic NFA building blocks, our proposed counting block and our proposed optimization techniques. We report experimental results for our architecture that verify area saving and performance improvement.

Keywords

field programmable gate arrays; finite automata; security of data; FPGA; constraint repetition inspection; field programmable gate arrays; network intrusion detection system; nondeterministic finite automata; regular expression; Automata; Computer languages; Counting circuits; Doped fiber amplifiers; Field programmable gate arrays; Hardware; Inspection; Integrated circuit interconnections; Intrusion detection; Payloads; Constraint Repetition Inspection; Network Intrusion Detection System; Non-deterministic Finite Automata; Regular Expression;

fLanguage

English

Publisher

ieee

Conference_Titel

High Performance Interconnects, 2008. HOTI '08. 16th IEEE Symposium on

Conference_Location

Stanford, CA

ISSN

1550-4794

Print_ISBN

978-0-7695-3380-3

Type

conf

DOI

10.1109/HOTI.2008.14

Filename

4618583