Article

Fast and scalable pattern matching for content filtering

Authors:

Sarang Dharmapurikar,

John LockwoodAuthors Info & Claims

ANCS '05: Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems

Pages 183 - 192

https://doi.org/10.1145/1095890.1095916

Published: 26 October 2005 Publication History

Get Access

Abstract

High-speed packet content inspection and filtering devices rely on a fast multi-pattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multi-pattern matching is known to require intensive memory accesses and is often a performance bottleneck. Hence specialized hardware-accelerated algorithms are being developed for line-speed packet processing. While several pattern matching algorithms have already been developed for such applications, we find that most of them suffer from scalability issues. To support a large number of patterns, the throughput is compromised or vice versa.We present a hardware-implementable pattern matching algorithm for content filtering applications, which is scalable in terms of speed, the number of patterns and the pattern length. We modify the classic Aho-Corasick algorithm to consider multiple characters at a time for higher throughput. Furthermore, we suppress a large fraction of memory accesses by using Bloom filters implemented with a small amount of on-chip memory. The resulting algorithm can support matching of several thousands of patterns at more than 10 Gbps with the help of a less than 50 KBytes of embedded memory and a few megabytes of external SRAM. We demonstrate the merit of our algorithm through theoretical analysis and simulations performed on Snort's string set.

References

[1]

http://www.snort.org.

Google Scholar

[2]

A. V. Aho and M. J. Corasick. Efficient string matching: an aid to bibliographic search. Commun. ACM, 18(6):333--340, 1975.

Digital Library

Google Scholar

[3]

Z. K. Baker and V. K. Prasanna. Time and area efficient pattern matching on FPGAs. In Proceeding of the 2004 ACM/SIGDA 12th International Symposium on Field Programmable Gate Arrays, pages 223--232. ACM Press, 2004.

Digital Library

Google Scholar

[4]

B. Bloom. Space/time trade-offs in hash coding with allowable errors. ACM, 13(7):422--426, May 1970.

Digital Library

Google Scholar

[5]

Y. Cho and W. Mangione-Smith. Fast reconfiguring deep packet filter for 1+ Gigabit network. In IEEE Symposium on Field-Programmable Custom Computing Machines, (FCCM), Napa, CA, Apr. 2005.

Digital Library

Google Scholar

[6]

C. R. Clark and D. E. Schimmel. Scalable multi-pattern matching on high-speed networks. In IEEE Symposium on Field-Programmable Custom Computing Machines, (FCCM), Napa, CA, Apr. 2004.

Digital Library

Google Scholar

[7]

D. L. Stephen. String Searching Algorithms. In Lectures Notes Series on Computing, volume 3, 1994.

Digital Library

Google Scholar

[8]

S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. W. Lockwood. Deep packet inspection using parallel Bloom filters. In IEEE Symposium on High Performance Interconnects (HotI), Stanford, CA, Aug. 2003.

Crossref

Google Scholar

[9]

L. Fan, P. Cao, J. Almeida, and A. Z. Broder. Summary cache: a scalable wide-area Web cache sharing protocol. IEEE/ACM Transactions on Networking, 8(3):281--293, 2000.

Digital Library

Google Scholar

[10]

I. Sourdis and D. Pnevmatikatos. Pre-decoded CAMs for efficient and high-speed NIDS pattern matching. In IEEE Symposium on Field-Programmable Custom Computing Machines, (FCCM), Napa, CA, Apr. 2004.

Digital Library

Google Scholar

[11]

Y. Sugawara, M. Inaba, and K. Hiraki. Over 10 Gbps string matching mechanism for multi-stream packet scanning systems. In Field Programmable Logic and Application: 14th International Conference, FPL, Antwerp, Belgium, Aug. 2004. Springer-Verlag.

Crossref

Google Scholar

[12]

N. Tuck, T. Sherwood, B. Calder, and G. Varghese. Deterministic memory-efficient string matching algorithms for intrusion detection. In IEEE Infocom, Hong Kong, China, Mar. 2004.

Google Scholar

[13]

F. Yu, R. Katz, and T. V. Lakshman. Gigabit rate packet pattern-matching using TCAM. In IEEE International Conference on Network Protocols (ICNP), Berlin, Germany, Oct. 2004.

Digital Library

Google Scholar

Cited By

View all

Hilgurt SChemerys O(2022)Reconfigurable signature-based information security tools of computer systems10.15407/akademperiodyka.458.297Online publication date: 2022
https://doi.org/10.15407/akademperiodyka.458.297
Kumar K V(2021)Network Intrusion Detection System in Latest DFA Compression Methods for Deep Packet ScrutingDesign, Applications, and Maintenance of Cyber-Physical Systems10.4018/978-1-7998-6721-0.ch010(219-243)Online publication date: 25-Jun-2021
https://doi.org/10.4018/978-1-7998-6721-0.ch010
Tohti THuang JHamdulla ATan X(2019)Text Filtering through Multi-Pattern Matching: A Case Study of Wu–Manber–Uy on the Language of UyghurInformation10.3390/info1008024610:8(246)Online publication date: 24-Jul-2019
https://doi.org/10.3390/info10080246
Show More Cited By

Index Terms

Fast and scalable pattern matching for content filtering
1. Networks
  1. Network services
    1. Network monitoring

Recommendations

Scalable multigigabit pattern matching for packet inspection

In this paper, we consider hardware-based scanning and analyzing packets payload in order to detect hazardous contents. We present two pattern matching techniques to compare incoming packets against intrusion detection search patterns. The first ...
A platform-based SoC design and implementation of scalable automaton matching for deep packet inspection

String matching plays a central role in packet inspection applications such as intrusion detection, anti-virus, anti-spam and Web filtering. Since they are computation and memory intensive, software matching algorithms are insufficient to meet the high-...
Fast and Scalable Pattern Matching for Network Intrusion Detection Systems

High-speed packet content inspection and filtering devices rely on a fast multipattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multipattern matching is known to require intensive memory accesses and ...

Comments

Information & Contributors

Information

Published In

ANCS '05: Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems

October 2005

230 pages

ISBN:1595930825

DOI:10.1145/1095890

General Chair:
Alan Berenbaum
SMSC
,
Program Chairs:
Kai Li
Princeton University, Princeton, NJ
,
Jonathan Turner
Washington University in St. Louis

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 October 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ANCS05

Sponsor:

ANCS05: Symposium on Architecture for Networking and Communications Systems 2005

October 26 - 28, 2005

NJ, Princeton, USA

Acceptance Rates

Overall Acceptance Rate 88 of 314 submissions, 28%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

55
Total Citations
View Citations
1,030
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hilgurt SChemerys O(2022)Reconfigurable signature-based information security tools of computer systems10.15407/akademperiodyka.458.297Online publication date: 2022
https://doi.org/10.15407/akademperiodyka.458.297
Kumar K V(2021)Network Intrusion Detection System in Latest DFA Compression Methods for Deep Packet ScrutingDesign, Applications, and Maintenance of Cyber-Physical Systems10.4018/978-1-7998-6721-0.ch010(219-243)Online publication date: 25-Jun-2021
https://doi.org/10.4018/978-1-7998-6721-0.ch010
Tohti THuang JHamdulla ATan X(2019)Text Filtering through Multi-Pattern Matching: A Case Study of Wu–Manber–Uy on the Language of UyghurInformation10.3390/info1008024610:8(246)Online publication date: 24-Jul-2019
https://doi.org/10.3390/info10080246
Bontupalli VYakopcic CHasan RTaha T(2018)Efficient Memristor-Based Architecture for Intrusion Detection and High-Speed Packet ClassificationACM Journal on Emerging Technologies in Computing Systems10.1145/326481914:4(1-27)Online publication date: 28-Nov-2018
https://dl.acm.org/doi/10.1145/3264819
Wang XPao D(2018)Memory-Based Architecture for Multicharacter Aho–Corasick String MatchingIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2017.275384326:1(143-154)Online publication date: Jan-2018
https://doi.org/10.1109/TVLSI.2017.2753843
Liao CLin C(2017)A Novel Parallel Dual-Character String Matching Algorithm on Graphical Processing UnitsAlgorithms and Architectures for Parallel Processing10.1007/978-3-319-65482-9_13(197-210)Online publication date: 11-Aug-2017
https://doi.org/10.1007/978-3-319-65482-9_13
Zheng KCai ZZhang XWang ZYang B(2015)Algorithms to speedup pattern matching for network intrusion detection systemsComputer Communications10.1016/j.comcom.2015.02.00462:C(47-58)Online publication date: 15-May-2015
https://dl.acm.org/doi/10.1016/j.comcom.2015.02.004
Huo SZhang DLi Y(2015)Fast and Scalable Regular Expressions Matching with Multi-Stride Index NFAAlgorithms and Architectures for Parallel Processing10.1007/978-3-319-27137-8_43(597-610)Online publication date: 16-Dec-2015
https://doi.org/10.1007/978-3-319-27137-8_43
Niang B(2014)Bandwidth management — A deep packet inspection mathematical model2014 6th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)10.1109/ICUMT.2014.7002098(169-175)Online publication date: Oct-2014
https://doi.org/10.1109/ICUMT.2014.7002098
Lee THuang N(2013)A pattern-matching scheme with high throughput performance and low memory requirementIEEE/ACM Transactions on Networking10.1109/TNET.2012.222488121:4(1104-1116)Online publication date: 1-Aug-2013
https://dl.acm.org/doi/10.1109/TNET.2012.2224881
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Scalable multigigabit pattern matching for packet inspection

A platform-based SoC design and implementation of scalable automaton matching for deep packet inspection

Fast and Scalable Pattern Matching for Network Intrusion Detection Systems

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations