Title :
Research and improvement of Pre-decode pattern matching circuit
Author :
LiTian ; Yao, Su Ying
Author_Institution :
Microelectron. Dept., Tianjin Univ., Tianjin
Abstract :
For application of network intrusion detection system (NIDS), an improved circuit structure corresponds to the complex regular expressions pattern matching is achieved. Adopting the combination of hardware circuit, this structure completely supports regular expression functions and the Snort rule set. To realize the target of maximum pattern capacity and throughput in high speed, this design has optimized the structure and minimized circuit areas by 54%. With Pre-decode method, parallel character and prefix tree, the structure is lower cost and wider applicability. The whole current Snort rule set with 3263 rules can be stored into Virtex4 FPGA against traffic at 3.68 GHz.
Keywords :
computer networks; field programmable gate arrays; pattern matching; security of data; trees (mathematics); Virtex4 FPGA; frequency 3.68 GHz; hardware circuit; network intrusion detection system; parallel character; predecode pattern matching circuit; prefix tree; Accidents; Circuits; Communication system security; Field programmable gate arrays; Hardware; Intrusion detection; Microelectronics; Pattern matching; Robotics and automation; Throughput; FPGA; NIDS; Parallel Character; Pre-decode; Prefix Tree; Regular Expressions;
Conference_Titel :
Control, Automation, Robotics and Vision, 2008. ICARCV 2008. 10th International Conference on
Conference_Location :
Hanoi
Print_ISBN :
978-1-4244-2286-9
Electronic_ISBN :
978-1-4244-2287-6
DOI :
10.1109/ICARCV.2008.4795569
