Optimization of Regular Expression Pattern Matching Circuits on FPGA
Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Authors: Cheng-Hung Lin, Chih-Tsun Huang, Chang-Ping Jiang, and Shih-Chieh Chang
Publisher: IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 15, NO. 12, DECEMBER 2007
Presenter: Chen-Rong Chang
Date: November 12, 2008
Outline
- Introduction
- Implementation of NFA
- Regular expressions
- Sharing prefix common sub-patterns
- Sharing scheme for infix and suffix
- Flow of RE module generation
- The comparison
Introduction
Regular expressions are widely used in network intrusion detection systems (NIDS) to represent attack patterns.
In contrast to software-only NIDS, many studies have proposed hardware architectures for accelerating attack detection.
Sidhu and Prasanna [1] proposed to construct an NFA (Nondeterministic Finite Automaton) from a regular expression to perform string matching. Hutchings,
Clark et al. [3] achieved excellent area and throughput by adding predecoded wide parallel inputs to traditional NFA implementations.
Predecoder Scheme
Simple NFA and implementation in logic
Regular expressions for attacks’ description
Regular expressions are a common way to express attack patterns.
In Snort, two types of regular expression are used to describe attack patterns:
1. The first type defines exact string patterns, such as the pattern "Ahhhh My Mouth Is Open."
2. The second type consists of meta-characters (*, |, $, ...).
Regular expressions for attacks’ description (cont.)
Given a regular expression A partial expression ,is a prefix
of P if k<m. A partial expression ,is an infix
of P if j>1 and k<m And a partial expression is a
suffix of P if j>1.
Ex: expression => “networking”. The partial expression “net” is a prefix, “work” is an infix, and “ing” is a suffix.
Sharing prefix common sub-patterns
An erroneous implementation to share infix Dir
Input String => “PassSysDirUserGate”
It may be mistaken as a match at the output of the upper blocks.
This is called a “false positive”.
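An added simulation of this failure mode (not from the slides or the paper): a one-hot NFA pipeline in which two exact-string patterns share one copy of the infix "Dir" by ORing both prefix outputs into it and fanning its output to both suffixes. The patterns "PassDirGate" and "SysDirUser" and the test inputs are constructed assumptions, since the slide's figure is not reproduced here.

```python
# Constructed example: patterns are prefix + shared infix + suffix.
INFIX = "Dir"
PATTERNS = (("Pass", "Gate"), ("Sys", "User"))  # assumed (prefix, suffix) pairs


def step(chars, regs, enable, c):
    """One clock edge for a chain of character-match flip-flops."""
    prev = [enable] + regs[:-1]
    return [p and c == ch for p, ch in zip(prev, chars)]


def naive_shared(text):
    """Erroneous sharing: the infix block forgets which prefix activated it."""
    (pre1, suf1), (pre2, suf2) = PATTERNS
    chains = {"p1": pre1, "p2": pre2, "rc": INFIX, "s1": suf1, "s2": suf2}
    regs = {k: [False] * len(v) for k, v in chains.items()}
    hits = set()
    for c in text:
        enable = {
            "p1": True,                              # prefixes may start anywhere
            "p2": True,
            "rc": regs["p1"][-1] or regs["p2"][-1],  # OR of both prefix outputs
            "s1": regs["rc"][-1],                    # both suffixes see the same
            "s2": regs["rc"][-1],                    # infix output
        }
        regs = {k: step(chains[k], regs[k], enable[k], c) for k in chains}
        if regs["s1"][-1]:
            hits.add(pre1 + INFIX + suf1)
        if regs["s2"][-1]:
            hits.add(pre2 + INFIX + suf2)
    return hits


def reference(text):
    """Ground truth: each pattern matched independently, no sharing."""
    return {p + INFIX + s for p, s in PATTERNS if p + INFIX + s in text}


def false_positives(text):
    """Alerts raised by the naive shared circuit that the rule set never defined."""
    return naive_shared(text) - reference(text)


if __name__ == "__main__":
    for sample in ("xxPassDirUserxx", "xxSysDirGatexx", "SysDirUser"):
        print(sample, sorted(naive_shared(sample)), sorted(false_positives(sample)))
```

For a NIDS rule set this means the shared circuit alerts on traffic that contains the prefix of one signature followed by the suffix of another, so shared-infix designs should be checked against an unshared reference matcher before deployment.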
Sharing common Suffix
Sharing scheme for infix and suffix
Two patterns share common infix RC
Form: R1RcR1
R2RcR2
Example of critical section problem
Pattern1: abcdefgh
Pattern2: dedefpq
Cross-Subexpression
Definition: An expression ,is called the cross-subexpression of if is not a subexpression of and is a subexpression of
EX: R1 = “abc”, R2 = “def”
cross-subexpression: “cde”, “cdef”, “bcd”, “bcde”, “bcdef”
Necessary Condition
Theorem: If has the critical section problem, either is a cross-subexpression of , or I is a cross-subexpression of
EX: R1= abc
R2= cde
RC= defgh
As long as R1 or R2 is a cross-subexpression, the critical section problem will happen.
Sharing gain
The sharing gain of a common sub-pattern is defined to be the number of characters in the sub-pattern multiplied by the number of regular expressions having the sub-pattern.
For example, three regular expressions, “1Common1”, “2Common2”, and “3Common3”, have the common sub-pattern “Common”. The sharing gain of the common sub-pattern is 6*3=18.
Flow of regular expression module generation
Logical structures for the proposed meta-character components
Logical structures for the proposed meta-character components (cont.)
Logical structures for the proposed meta-character components (cont.)
Implementation of NFA
The comparison among different approaches on Snort rule sets