ENREM: An efficient NFA-based regular expression matching engine on reconfigurable hardware for NIDS.

Bibliographic Details
Title: ENREM: An efficient NFA-based regular expression matching engine on reconfigurable hardware for NIDS.
Authors: Hieu, Tran Trung (1) hieutt@cse.hcmut.edu.vn; Thinh, Tran Ngoc (1); Tomiyama, Shigenori (2)
Source: Journal of Systems Architecture. Apr 2013, Vol. 59 Issue 4/5, p202-212. 11p.
Subject Terms: *COMPUTER network security, *MATCHING theory, *ADAPTIVE computing systems, *COMPUTER input-output equipment, *INTRUSION detection systems (Computer security), *PROBLEM solving
Abstract: Regular expressions are a critical mechanism in modern network security and are widely used in network intrusion detection systems to describe malicious patterns. In order to speed up the pattern matching process, a number of studies have investigated implementing regular expression matching on reconfigurable hardware. Several optimizations have been proposed; however, the problem of sharing sub-patterns between multiple regular expressions is not solved completely. In this paper we present ENREM, an Efficient NFA-based Regular Expression Matching Engine on reconfigurable hardware. We introduce a new infix and suffix sharing architecture and employ it along with several techniques to optimize the required area of pattern matching circuits. In addition, we developed tools for automatically generating the Verilog HDL source code of the ENREM circuit from any given set of Perl-compatible regular expression patterns. In order to evaluate the proposed architecture, we exploit Snort rules and implement ENREM on a Xilinx Virtex-II Pro XC2VP-50 FPGA. The system is tested on the NetFPGA platform with DARPA intrusion detection as input data to verify the accuracy of the circuit. The experimental results show that ENREM can reduce 42% LUTs and 32% FlipFlops compared with previous approaches while maintaining high-speed matching throughput from 1.45 to 2.35 Gbps. [Copyright Elsevier]
Database: Academic Search Index
DOI: 10.1016/j.sysarc.2013.03.013
ISSN (print): 13837621
Language: English
Page count: 11