Automation of FPGA Implementation of Regular Expressions in Snort and N-gram Analysis to Find High Frequency Patterns

DOI
  • FUKUDA Masahiro
    Japan Advanced Institute of Science and Technology,National Institute of Technology, Ishikawa College
  • INOGUCHI Yasushi
    Japan Advanced Institute of Science and Technology

Bibliographic Information

Other Title
  • Snortの正規表現マッチングのFPGA実装の自動化と高頻度パターンを見つけるためのN-gram分析

Abstract

As a representative Network-based Intrusion Detection and Prevention System (NIDPS), Snort detects cyber attacks by Regular Expression Matching (REM) and many studies using FPGA have been done so far from the viewpoint of processing speed and memory size. In this paper, we propose a resource saving method by extracting high frequency appearance patterns from many regular expressions in Snort and commonalize them by applying N-gram analysis. The contributions are to automate the generation of executable REM modules on FPGAs and to reduce resource usage as a whole by commonalizing high frequency appearance patterns. We confirmed that the number of LUT of FPGA implementation of Non-deterministic Finite Automaton (NFA) for regular expressions in Snort 2.9.11.1 can be reduced to 0.69 ttimes as the case witthout the proposed method by applying our method and Merged-states Non-deterministic Finite Automaton with Unbounded string transition (MNFAU). In this paper, we evaluate the resource usage and the maximum clock frequency of this module in XC7VX485.

Journal

Details 詳細情報について

Report a problem

Back to top