Optimization of Regular Expression Pattern Matching Circuits on FPGA - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

Optimization of Regular Expression Pattern Matching Circuits on FPGA

Description:

Largest seven sets of Snort and three sets of Trend Micro ... We would like to thank the following experts of Trend Micro Inc. ... – PowerPoint PPT presentation

Number of Views:133
Avg rating:3.0/5.0
Slides: 24
Provided by: chengh
Category:

less

Transcript and Presenter's Notes

Title: Optimization of Regular Expression Pattern Matching Circuits on FPGA


1
Optimization of Regular Expression Pattern
Matching Circuits on FPGA
  • Cheng-Hung Lin, Chih-Tsun Huang,
  • Chang-Ping Jiang, and Shih-Chieh Chang
  • National Tsing Hua University, Taiwan

2
Outline
  • Difficulties of designing pattern matching
    circuits for regular expression
  • Architecture for pattern matching circuits
  • Module generator for pattern matching circuits
  • Experimental results conclusions

3
Introduction
  • Regular expressions are widely used in Network
    Intrusion Detection System (NIDS) .
  • Different hardware architectures for acceleration
    using FPGA.
  • Accommodate large number of regular expressions
    on FPGA.

4
Regular Expression Matching Circuits
  • Each regular expression is mapped into a circuit
    module.
  • Ex a circuit module matching Pass

o
o
o
o
1
1
1
1
1
i
i
i
1
1
i
1
1
F/F
F/F
F/F
F/F
P
a
s
s
1
1
1
1
P
a
s
s
Text input
5
Share Common Prefixes
  • Reduce area by circuit sharing.
  • Sharing prefix technique was proposed by B.L.
    Hutchings in 2002.

Prefix
1
Root
User
Dir
Win
Pass
1
Root
Net
Dir
Sys
Pass
6
Sharing Infix and Suffix
  • More opportunities in sharing common infix and
    suffix
  • Require more complex considerations

Infix
Suffix
1
Root
User
Dir
Win
Pass
Root
Net
Dir
Sys
7
Problems in Sharing Infix
  • Common infix cannot be shared directly
  • Sys Dir User will be mistaken to be a match

1
1
User
Dir
Win
Sys Dir User
1
Net
Sys
8
Problem of Sharing Suffix
  • Common suffix cannot be shared directly
  • Cannot differentiate which virus pattern is
    matched by only one output

?
1
9
Outline
  • Difficulties of designing pattern matching
    circuits for regular expression
  • Architecture for pattern matching circuits
  • Module generator for pattern matching circuits
  • Experimental results conclusions

10
Sharing Architecture
  • Switch module memorize triggering source
  • DeMux guide Rc to trigger appropriate next block

R1
R1
1
DeMux
R2
R2
1
Rc


m
Switch module
1
Rm
Rm

11
Example
  • Sys Dir User will NOT be mistaken to be a match

1
1
1
User
Dir
Win
0
Sys
Dir
User
1
0
0
0
Net
Sys
Switch module
1
1
1
12
Critical-Section Problem
  • The switch module memorizes only one triggering.
  • Other prefix block cannot trigger the shared
    block until the shared block completes the
    expression-matching.

13
Critical-Section Problem
  • Fail to match the string abcdefgh because
    def module is re-triggered again.
  • The switch module will redirect def block to
    the wrong block.
  • Avoid the sharing when it is possible to have the
    critical-section problem

1
0
gh
abc
def
abc
de
gh
f
abc def gh
0
1
de
pq
0
1
Switch module
1
0
14
Theorem
  • Definition R1 is a sub-expression of R2R3 but
    is not a sub-expression of R2. ?R1 is the
    cross-sub expression of R2R3
  • Theorem If Rc has the critical section problem,
    R1 must be a cross-sub expression of R2Rc or R2
    must be a cross-sub expression of R1Rc.

15
Outline
  • Difficulties of designing pattern matching
    circuits for regular expression
  • Architecture for pattern matching circuits
  • Module generator for pattern matching circuits
  • Experimental results conclusions

16
Regular Expression Module Generator
Obtain regular expressions from the virus database
Extract and share common prefix
Extract an infix or suffix sub-pattern with
largest sharing gain
NO
Verify the extracted sub-pattern against the
theorem
YES
Generate RTL code
17
Outline
  • Difficulties of designing pattern matching
    circuits for regular expression
  • Architecture for pattern matching circuits
  • Module generator for pattern matching circuits
  • Experimental results conclusions

18
Experimental Environment
  • Largest seven sets of Snort and three sets of
    Trend Micro
  • Compared with the technique of sharing prefixes
  • Synthesis and PR tool Xilinx ISE7.1i
  • Target FPGA Xilinx Virtex XCV2000E

19
Experimental Results on Snort
20
Experimental Results on Trend Micro
21
Conclusions
  • A novel sharing architecture to share infix and
    suffix.
  • An algorithm and a theorem to automatically
    generate regular expression matching circuits.
  • 42 of area reduction on Snort and 20 on Trend
    Micro.

22
Acknowledgement
  • We would like to thank the following experts of
    Trend Micro Inc.,
  • Ming Deng (Group Project Manager),
  • Sarah Chin (Project Manager),
  • Chris Lo (QA Manager),
  • Vic Lo (Development Manager),
  • Kenneth Kuo (Development Manager),
  • Viking Ho (Sr. Engineer),
  • Porpoise Chiang (Project Lead),
  • Ronaldo Mier (QA Project Lead), and
  • Kent Chiang (Engineer)
  • for their constructive inputs.

23
Thank You!
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Optimization of Regular Expression Pattern Matching Circuits on FPGA" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!