Page Enabled FSM Model For Multi Rate- High Throughput Regex Pattern Matching System

  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract

    In recent years demands for high throughput NIDS systems are emerged with compatible Wildcard support for the detection of irregular patterns like ClamAV. In this work we presented a single-compound FSM based state transition controller for regular ASCII based patterns and counter enabled score generation model for regex patterns which contains both repeated characters and don’t cares void segments. In many existing digital NIDS systems are token-stream based approaches were used with dedicated memory units to accommodate byte oriented matching with moderate network payload speed. The NIDS efficiency is largely depends on both intrusion byte size and the size of database. To mitigate this problem memory based digital NIDS system requires coordinated pattern matching. In this work, FSM based one hot state encoding model with bit wise state transition controller is proposed which gives both parallel task and high throughput payload validity check. Here during the payload monitoring if input segments are aggregated as tokens, the state transition controller is used to enable the counter for token model and state transitions are carried out based on the regex patterns received and the concurrent matches that are halted in parallel manner. To avoid clock synchronization over concurrent matching process and variable rate matching process page wise integration of each sub groups are carried out which is driven by ADPLL unit. The performance metrics of FSM state controlled payload monitoring is proved in terms of speed and memory efficiency over state-of-art-the-art methods. Here in our proposed NIDS system consumes lesser memory resources and it is verified through comparison with state-of-the-art methods.



  • Keywords

    Regex patterns, Parallel processing, FSM, PAGE, Strings, tokens.

  • References

      [1] Dharmapurikar, S.; and Lockwood, J.W. (2006). Fast and scalable pattern matching for network intrusion detection systems. IEEE Journal on Selected Areas in Communications, 24(10), 1781-1792.

      [2] Aho, A.V.; and Corasick, M.J. (1975). Efficient string matching: an aid to bibliographic search. Communications of the ACM, 18(6), 333-340.

      [3] Tuck, N.; Sherwood, T.; Calder, B.; and Varghese, G. (2004). Deterministic memory-efficient string matching algorithms for intrusion detection. In INFOCOM Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies, 2628-2639.

      [4] Xu, J.; Kalbarczyk, Z.; Patel, S.; and Iyer, R.K. (2002). Architecture support for defending against buffer overflow attacks. In Workshop on Evaluating and Architecting Systems for Dependability.


      [6] Boyer, R.S.; and Moore, J.S. (1977). A fast string searching algorithm. Communications of the ACM, 20(10), 762-772.

      [7] Sourdis, I.; and Pnevmatikatos, D. (2003). Fast, large-scale string matches for a 10Gbps FPGA-based network intrusion detection system. In International Conference on Field Programmable Logic and Applications, 880-889.

      [8] PCRE – Perl Compatible Regular Expressions,

      [9] Pao, D.; Wang, X.; Wang, X.; Cao, C.; and Zhu, Y. (2011). String searching engine for virus scanning. IEEE Transactions on Computers, 60(11), 1596-1609.

      [10] Gupta, A.; Thakur, H.K.; Gupta, T.; and Yadav, S. (2017). Regular Pattern Mining (With Jitter) On Weighted-Directed Dynamic Graphs. Journal of Engineering Science and Technology, 12(2), 349-364.

      [11] Pao, D.; and Wang, X. (2012). Multi-stride string searching for high-speed content inspection. The Computer Journal, 55(10), 1216-1231.

      [12] Or, N.L.; Wang, X.; and Pao, D. (2016). MEMORY-based hardware architectures to detect ClamAV virus signatures with restricted regular expression features. IEEE Transactions on Computers, 65(4), 1225-1238.




Article ID: 22083
DOI: 10.14419/ijet.v7i4.19.22083

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.