Title :
Scalable pattern matching for high speed networks
Author :
Clark, Christopher R. ; Schimmel, David E.
Author_Institution :
Sch. of Electr. &comput. Eng., Georgia Inst. of Technol., Atlanta, GA, USA
Abstract :
In this paper, we present a scalable FPGA design methodology for searching network packet payloads for a large number of patterns, including complex regular expressions. The efficiency of the technique enables a current-generation FPGA device to support pattern-matching at network rates from 1 Gbps to 100 Gbps and beyond. It offers flexible trade-offs between character capacity, throughput, and data bus width and rate. This allows the approach to be used in a wide range of devices from low-end home network appliances to high-end backbone routers. Suitable network applications for the FPGA pattern-matcher include firewalls, network intrusion detection, email virus scanning, and junk-email identification. In this work, we use a standard set of patterns from an intrusion detection system to demonstrate the performance and scalability of our design with a real-world application.
Keywords :
computer networks; computer viruses; field programmable gate arrays; logic design; pattern matching; security of data; 1 to 100 Gbit/s; FPGA design method; FPGA pattern matcher; backbone routers; complex regular expressions; email virus scanning; firewalls; flexible trade offs; high speed networks; home network appliances; junk email identification; network intrusion detection; scalable pattern matching; searching network packet payloads; Design methodology; Field programmable gate arrays; High-speed networks; Home appliances; Home automation; Intrusion detection; Pattern matching; Payloads; Spine; Throughput;
Conference_Titel :
Field-Programmable Custom Computing Machines, 2004. FCCM 2004. 12th Annual IEEE Symposium on
Print_ISBN :
0-7695-2230-0
DOI :
10.1109/FCCM.2004.50
