Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

A Hardware Architecture of Regular Expression Pattern Matching for Deep Packet Inspection

심층 패킷검사를 위한 정규표현식 패턴매칭 하드웨어 구조

  • Yun, Sang-Kyun (Dept. of Computer and Telecommunication Engineering, Yonsei University) ;
  • Lee, Kyu-Hee (Dept. of Computer and Telecommunication Engineering, Yonsei University)
  • 윤상균 (연세대학교 컴퓨터정보통신공학부) ;
  • 이규희 (연세대학교 컴퓨터정보통신공학부)
  • Received : 2011.02.18
  • Accepted : 2011.03.15
  • Published : 2011.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

Network Intrusion Detection Systems use regular expression to represent malicious packets and hardware-based pattern matching is required for fast deep packet inspection. Although hardware architectures for implementing constraint repetition operators such as {10} were recently proposed, they have some limitation. In this paper, we propose hardware architecture supporting constraint repetitions of general regular expression sub-patterns with lower logic complexity. The subpatterns supported by the proposed contraint repetition architecture include general regular expression patterns as well as a single character and fixed length patterns. With the proposed building block, we can implement more efficiently regular expression pattern matching hardwares.

최근의 네트워크 침입탐지 시스템들은 침입패턴을 나타내는 데 정규표현식을 사용하고 있으며 빠른 심층 패킷 검사를 위해서 하드웨어 기반의 패턴매칭이 필요하다. 하드웨어 기반 정규표현식 패턴매칭에 대한 많은 연구가 이루어졌으나 {10}과 같은 제한반복 연산자에 대한 구현은 제약이 있었다. 본 논문에서는 일반적인 정규표현식 서브패턴에 대한 제한반복을 더 낮은 하드웨어 복잡도로 구현할 수 있는 제한반복 블록 구조를 제시하였다. 제안된 제한반복 블록은 단일 문자, 고정길이 문자 뿐 만 아니라 일반적인 정규표현식 서브패턴의 제한반복 구현도 가능하다. 제안된 제한반복 블록 구조는 모든 제한반복을 펼치지 않고 구현할 수 있도록 하여 정규표현식 패턴매칭 하드웨어를 더 효율적으로 구현할 수 있도록 하였다.

Keywords

References

  1. Snort Web Site, http://www.snort.org
  2. Bro Intrusion Detection System, http://www.bro-ids.org
  3. Bleeding Edges, http://bleedingedges.net/
  4. Christopher R. Clark and D. E. Schimmel, "Scalable pattern matching for high speed networks," in IEEE Symp. on Field-Programmable Custom Computing Machines (FCCM'04), pp. 249-257, 2004.
  5. B. L. Hutchings, R. Franklin, et al. "Assisting network intrusion detection with reconfigurable hardware," in IEEE Symp. on Field-Programmable Custom Computing Machines (FCCM'02), pp. 111-120, 2002.
  6. J. Moscola, J. Lockwood, R. Loui, and M. Pachos, "Implementation of a content-scanning module for an Internet firewall," in IEEE Symp. on Field-Programmable Custom Computing Machines (FCCM'03), pp. 31-38, 2003.
  7. I. Sourdis and D. Pnevmatikatos, "Pre-decoded CAMs for Efficient and High-Speed NIDS PatternMatching," in IEEE Symp. on Field-Programmable CustomComputingMachines (FCCM'04), pp. 258-267, 2004.
  8. R. Sidhu and V.K. Prasanna, "Fast Regular Expression Matching using FPGAs," in IEEE Symp. on Field- Programmable Custom Computing Machines (FCCM'01), pp. 227-238, 2001.
  9. C.H. Lin, C.T. Huang, et al. "Optimization of regular expression pattern matching circuits on FPGA," in Proc. of Conference on Design, Automation and Test in Europe (DATE'06), pp. 12-17, 2006.
  10. Z.K. Baker, H.J. Jung and V.K. Prasanna, "Regular expression software deceleration for intrusion detection systems," in Int'l Conf. on Field Programmable Logic and Applications (FPL'06) pp. 418-425, 2006.
  11. B. C. Brodie, D. E. Taylor, and R. K. Cytron, "A scalable architecture for high-throughput regluar expression pattern matching," ACM SIGARCH Computer Architecture News, vol. 34, no. 2, pp. 191-202, 2006. https://doi.org/10.1145/1150019.1136500
  12. J. Bispo, I. Sourdis, J. Cardoso, and S. Vassiliadis, "Regular Expression Matching for Reconfigurable Packet Inspection," in IEEE Int'l Conf. on Field Programmable Techn.ology (FPT'06), pp. 119-126, 2006.
  13. I. Sourdis, S. Vassiliadis, J. Bispo, and J. Cardoso, "Regular Expression Matching in Reconfigurable Hardware," Journal of Signal Processing Systems, vol. 51, pp. 99-121, 2008. https://doi.org/10.1007/s11265-007-0131-0
  14. J. Bispo, and J. Cardoso, "Synthesis of regular expressions for FPGAs," International Journal of Electronics, vol. 95, no. 7, pp. 685-704, 2008. https://doi.org/10.1080/00207210801924107
  15. J. Ho and G. Lemieux, "PERG: a scalable FPGAbased pattern-matching Engine with Consolidated Bloomier Filters," in IEEE Int'l Conf. on Field Programmable Technology(FPT'08), pp.73-80, 2008.
  16. J. Ho and G. Lemieux, "PERG-Rx: a hardware pattern-matching engine supporting limited regular expressions," in proc. ACM/SIGDA Int'l. Symp. on Field programmable gate arrays (FPGA'09), pp. 257-260, 2009.