Singaraju et al., 2008 - Google Patents
FPGA based string matching for network processing applicationsSingaraju et al., 2008
- Document ID
- 890698802558376796
- Author
- Singaraju J
- Chandy J
- Publication year
- Publication venue
- Microprocessors and Microsystems
External Links
Snippet
String matching is a key problem in many network processing applications. Current implementations of this process using software are time consuming and cannot meet gigabit bandwidth requirements. Implementing this process in hardware improves the search time …
- 238000001514 detection method 0 abstract description 33
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30943—Information retrieval; Database structures therefor; File system structures therefor details of database functions independent of the retrieved data type
- G06F17/30964—Querying
- G06F17/30979—Query processing
- G06F17/30985—Query processing by using string matching techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30943—Information retrieval; Database structures therefor; File system structures therefor details of database functions independent of the retrieved data type
- G06F17/30946—Information retrieval; Database structures therefor; File system structures therefor details of database functions independent of the retrieved data type indexing structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup or address filtering
- H04L45/7453—Address table lookup or address filtering using hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30861—Retrieval from the Internet, e.g. browsers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
- G06F17/30386—Retrieval requests
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup or address filtering
- H04L45/7457—Address table lookup or address filtering using content-addressable memories [CAM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Alicherry et al. | High speed pattern matching for network IDS/IPS | |
| Le et al. | A memory-efficient and modular approach for large-scale string pattern matching | |
| US8010481B2 (en) | Pattern matching technique for high throughput network processing | |
| Dharmapurikar et al. | Fast and scalable pattern matching for content filtering | |
| Clark et al. | Design of efficient FPGA circuits for matching complex patterns in network intrusion detection systems | |
| Shelly et al. | Flow caching for high entropy packet fields | |
| Weinsberg et al. | High performance string matching algorithm for a network intrusion prevention system (nips) | |
| Wang et al. | Memory-based architecture for multicharacter Aho–Corasick string matching | |
| Jiang et al. | Scalable multi-pipeline architecture for high performance multi-pattern string matching | |
| Thinh et al. | Applying cuckoo hashing for FPGA-based pattern matching in NIDS/NIPS | |
| Li et al. | Stateful Inspection firewall session table processing | |
| Singaraju et al. | A signature match processor architecture for network intrusion detection | |
| Suresh et al. | Efficient pattern matching algorithm for security and Binary Search Tree (BST) based memory system in Wireless Intrusion Detection System (WIDS) | |
| Ho et al. | PERG: A scalable FPGA-based pattern-matching engine with consolidated bloomier filters | |
| Kim et al. | A system architecture for high-speed deep packet inspection in signature-based network intrusion prevention | |
| Singaraju et al. | FPGA based string matching for network processing applications | |
| Cho et al. | Programmable hardware for deep packet filtering on a large signature set | |
| Guinde et al. | Efficient hardware support for pattern matching in network intrusion detection | |
| Fide et al. | A survey of string matching approaches in hardware | |
| Pao et al. | String searching engine for virus scanning | |
| Tripp | A finite-state-machine based string matching system for intrusion detection on high-speed networks | |
| Tseng et al. | A fast scalable automaton-matching accelerator for embedded content processors | |
| Lin et al. | A platform-based SoC design and implementation of scalable automaton matching for deep packet inspection | |
| Wang et al. | Hardware accelerator to detect multi-segment virus patterns | |
| Kumar et al. | Efficient regular expression pattern matching for network intrusion detection systems using modified word-based automata |