Conference paper

ČEŠKA Milan, HAVLENA Vojtěch, HOLÍK Lukáš, KOŘENEK Jan, LENGÁL Ondřej, MATOUŠEK Denis, MATOUŠEK Jiří, SEMRIČ Jakub and VOJNAR Tomáš. Deep Packet Inspection in FPGAs via Approximate Nondeterministic Automata. In: Proceedings of the 27th IEEE International Symposium On Field-Programmable Custom Computing Machines (FCCM'19). To be published in 2019. San Diego, CA: Institute of Electrical and Electronics Engineers, 2019, pp. 109-117. ISBN 978-1-72811-132-2.
Publication language:english
Original title:Deep Packet Inspection in FPGAs via Approximate Nondeterministic Automata
Title (cs):Použití přibližných nedeterministických automatů pro hluboká inspekci paketů v FPGA
Pages:109-117
Proceedings:Proceedings of the 27th IEEE International Symposium On Field-Programmable Custom Computing Machines (FCCM'19). To be published in 2019
Conference:The 27th IEEE International Symposium On Field-Programmable Custom Computing Machines -- FCCM'19
Place:San Diego, CA, US
Year:2019
ISBN:978-1-72811-132-2
DOI:10.1109/FCCM.2019.00025
Publisher:Institute of Electrical and Electronics Engineers
Keywords
intrusion detection system, deep packet inspection, finite automata, approximate reduction
Annotation
Deep packet inspection via regular expression (RE) matching is a crucial task of network intrusion detection systems (IDSes), which secure Internet connection against attacks and suspicious network traffic. Monitoring high-speed computer networks (100 Gbps and faster) in a single-box solution demands that the RE matching, traditionally based on finite automata (FAs), is accelerated in hardware. In this paper, we describe a novel FPGA architecture for RE matching that is able to process network traffic beyond 100 Gbps. The key idea is to reduce the required FPGA resources by leveraging approximate nondeterministic FAs (NFAs). The NFAs are compiled into a multi-stage architecture starting with the least precise stage with a high throughput and ending with the most precise stage with a low throughput. To obtain the reduced NFAs, we propose new approximate reduction techniques that take into account the profile of the network traffic. Our experiments showed that using our approach, we were able to perform matching of large sets of REs from Snort, a popular IDS, on unprecedented network speeds.
BibTeX:
@INPROCEEDINGS{
   author = {Milan {\v{C}}e{\v{s}}ka and Vojt{\v{e}}ch Havlena
	and Luk{\'{a}}{\v{s}} Hol{\'{i}}k and Jan
	Ko{\v{r}}enek and Ond{\v{r}}ej Leng{\'{a}}l and
	Denis Matou{\v{s}}ek and Ji{\v{r}}{\'{i}}
	Matou{\v{s}}ek and Jakub Semri{\v{c}} and
	Tom{\'{a}}{\v{s}} Vojnar},
   title = {Deep Packet Inspection in FPGAs via Approximate
	Nondeterministic Automata},
   pages = {109--117},
   booktitle = {Proceedings of the 27th IEEE International Symposium On
	Field-Programmable Custom Computing Machines (FCCM'19). To
	be published in 2019},
   year = {2019},
   location = {San Diego, CA, US},
   publisher = {Institute of Electrical and Electronics Engineers},
   ISBN = {978-1-72811-132-2},
   doi = {10.1109/FCCM.2019.00025},
   language = {english},
   url = {http://www.fit.vutbr.cz/research/view_pub.php?id=11951}
}

Your IPv4 address: 54.86.132.30