Regular Expression Matching for Reconfigurable Packet Inspection - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

Regular Expression Matching for Reconfigurable Packet Inspection

Description:

Heavily used in some applications (focus on Intrusion Detection Systems) ... (Caret) . (Dot) $ (Dolar) 'a' (Character) 15. Implementation. Exactly Block {N} ... – PowerPoint PPT presentation

Number of Views:76
Avg rating:3.0/5.0
Slides: 24
Provided by: ceEtTu
Category:

less

Transcript and Presenter's Notes

Title: Regular Expression Matching for Reconfigurable Packet Inspection


1
Regular Expression Matching for Reconfigurable
Packet Inspection
Netherlands
  • João Bispo
  • Ioannis Sourdis
  • João Cardoso
  • Stamatis Vassiliadis

Portugal
2
Introduction
  • Motivation
  • Snort
  • Implementation
  • Experimental Results
  • Conclusions
  • Future Work

3
Motivation
  • Heavily used in some applications (focus on
    Intrusion Detection Systems)
  • High Parallelism

Goal synthesis of all regular expressions of a
NIDS rule-set onto an FPGA, achieving
an area-efficient and high-throughput solution
4
SNORT Introduction
  • NIDS - Network Intrusion Detection System
  • Snort Sniffer Rules
  • Static Patterns and Regular Expressions

5
SNORT Regular Expressions
  • PCRE Format (Perl Compatible Regular Expressions)
  • Example

/GET\s\x2f\n900/smi
6
SNORT Regular Expressions
7
Implementation Regular Expressions Synthesis
  • Automatic generation of hardware from PCRE
    Regular Expressions
  • Automatic testing of generated design

8
Implementation Basics
  • Based on Sidhu and Prasanna work
  • One-Hot Encoding
  • Substring matching
  • Basic Operations
  • , , a, ab, ()

b900 -gt bb bbbbbbbbbbbb bbbbbbbbbb
b -gt bb
((ab))(cd)
9
Implementation Global View
Regular Expressions
8-bit ASCII Decoder
a
Input String
b
256
9
Character Classes
10
Implementation Global View
Regular Expressions
8-bit ASCII Decoder
a
Input String
b
C2\s
256
COPYs432,
9
\s
s
Character Classes
C2
COPY
11
Implementation - Global View
Regular Expressions
8-bit ASCII Decoder
a
Input String
b
C2\s
256
COPYs432,
9
\s
s
Character Classes
C2
COPY
12
Implementation Global View
Regular Expressions
8-bit ASCII Decoder
a
Input String
b
C2\s
256
COPYs432,
9
\s
s
Character Classes
C2
COPY
13
Implementation Global View
Regular Expressions
8-bit ASCII Decoder
a
Input String
b
C
256
9
\s
s
Character Classes
OPY
14
Implementation Blocks
15
Implementation Exactly Block N
  • Compact storage of states

16
Implementation AtLeast Block N,
  • No need to store all states

17
Experimental Results SNORT Characteristics
18
Experimental Results FPGA Utilization
19
Experimental Results Comparison
  • PEM Throughtput Chars / Area

20
Conclusions
  • Implemented a complete set of SNORT regular
    expressions (500)
  • Almost automatic generation of hardware from
    standard PCRE regular expressions
  • Good use of Xilinx primitives avaliable on Virtex
    FPGAs

21
Future Work
  • Virtualization of Hardware
  • Sharing Strategies
  • Multiple Characters per cycle
  • Constraint Repetitions of whole regular
    expressions

22
Regular Expression Matching for Reconfigurable
Packet Inspection
Thank You!
Netherlands
  • João Bispo
  • Ioannis Sourdis
  • João Cardoso
  • Stamatis Vassiliadis

Portugal
23
Implementation Between Block N, M
  • Mix between two previous blocks
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Regular Expression Matching for Reconfigurable Packet Inspection" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!