This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
2010 18th IEEE Annual International Symposium on Field-Programmable Custom Computing Machines
A Memory-Efficient and Modular Approach for String Matching on FPGAs
Charlotte, North Carolina, USA
May 02-May 04
ISBN: 978-0-7695-4056-6
In Network Intrusion Detection Systems (NIDSs), string matching demands exceptionally high performance to match the content of network traffic against a predefined database of malicious patterns. Much work has been done in this field; however, they result in low memory efficiency. Due to the available on-chip memory and the number of I/O pins of Field Programmable Gate Arrays (FPGAs), state-of-the-art designs cannot support large dictionaries without using high-latency external DRAM. We propose a novel Memory efficient Architecture for large-scale String Matching (MASM), based on pipelined binary search tree. With memory efficiency close to 1 byte/char, MASM can support a dictionary of over 4 MBytes, using a single FPGA device. The architecture can also be easily partitioned, so as to use external SRAM to handle even larger dictionaries of over 8 MBytes. Our implementation results show a sustained throughput of 3.5 Gbps, even when external SRAM is used. The MASM module can be simply duplicated to accept multiple characters per cycle, leading to scalable throughput with respect to the number of characters processed in each cycle. Dictionary update involves only rewriting the memory content, which can be done quickly without reconfiguring the chip.
Index Terms:
FPGA, string matching, NIDS, NIPS, deep packet inspection
Citation:
Hoang Le, Viktor K. Prasanna, "A Memory-Efficient and Modular Approach for String Matching on FPGAs," fccm, pp.193-200, 2010 18th IEEE Annual International Symposium on Field-Programmable Custom Computing Machines, 2010
Usage of this product signifies your acceptance of the Terms of Use.