A multiple regular expressions matching architecture for network intrusion detection system

3 Author(s)
Wei Zhang (Dept. of Computer Sci. & Tech., Tsinghua University, Beijing, 100084, China); Tian Song; Dongsheng Wang

Regular expressions are increasingly used in network security applications. Matching multiple regular expressions is one of the most important performance bottlenecks in those systems. This paper proposes a new hardware-based multiple regular expression matching architecture, called MRM, for network intrusion detection systems. It shows that traditional algorithms, such as AC, face a serious spatial explosion problem when simultaneously detecting a large number of regular expressions, because of constrained repetitions. MRM uses hardware RAM modules to share matching signals and exploits hardware register counting to implement constrained repetitions. This paper also proposes a software compiler that constructs the hardware architecture and generates the information in MRM's RAMs for the given regular expressions. Experiments on actual Snort and Bro regular expression sets show that MRM can achieve high throughput of 2.1 Gbps and 2.8 Gbps on Virtex2 and Virtex4 devices, respectively.

Published in:

Communications and Networking in China, 2008. ChinaCom 2008. Third International Conference on

Date of Conference:

25-27 Aug. 2008