Abstract
Pattern matching using Aho-Corasick (AC) algorithm is the most time-consuming task in an Intrusion Detection System, and therefore, the Field Programmable Gate Array (FPGA) based solutions are frequently employed. In this context, the two possibilities are memory based solutions and hardwired solution. The limitation of memory based solutions is the inefficient utilization of slices while the hardwired solutions require a tremendous amount of effort and time as writing Hardware Description Language (HDL) code for thousands of rules is prone to human errors. Consequently, the contributions of this article are twofold. The first contribution is to develop a tool for the automatic generation of Verilog-HDL code from the rule set. The second contribution is to propose an efficient parallel hardware implementation scheme and compare it with a serial hardware implementation scheme in terms of various design parameters such as resource utilization, operational frequency and throughput. The proposed parallel scheme advocates the division of entire rule set into smaller sub-sets for parallel execution. Experimental results reveal that the proposed tool can generate the target code for 10,000 rules in less than a minute without any error. The automatic generation of target code has allowed to perform a comprehensive design space exploration for the parallel implementation of AC algorithm in quick time. Finally, our Xilinx ZC702 evaluation FPGA board based prototype for 10,000 rules can efficiently examine the packet stream coming at a bit rate of 1.56 Gbps at an operational frequency of 195 MHz.
Similar content being viewed by others
References
Singh G, Khare N (2021) A survey of intrusion detection from the perspective of intrusion datasets and machine learning techniques. Int J Comput Appl 10:1–11
M. Imran, F. Bashir, A. R. Jafri, M. Rashid, M. N. Islam, “A Systematic Review of Scalable Hardware Architectures for Pattern Matching in Network Security”, Computers and Electrical Engineering, vol. 92, 107169, June 2021.
Aho V, Corasick MJ (1975) Efficient String Matching: An Aid to Bibliographic Search. Commun ACM 18:333–340
D. R. V. L. B. Thambawita, R. G. Ragel and D. Elkaduwe, “An optimized Parallel Failure-less Aho-Corasick algorithm for DNA sequence matching”, IEEE International Conference on Information and Automation for Sustainability, Galle, 2016, pp. 1–6.
M. Rashid, M. Imran, A. R. Jafri, Turki Al-Somani, “Flexible Architectures for Cryptographic Algorithms - A Systematic Literature Review”, Journal of Circuits, Systems and Computers, vol. 28, No. 3, 2019.
Snort Intrusion Detection System. [Online]. Available: http://www.snort.org
M. M. Iqbal, F. Husain, H. Parvez, and M. Rashid, “An Application Specific Reconfigurable Architecture with Reduced Area and Static Memory Cells”, Journal of Circuits, Systems and Computers, vol. 29, no. 8, 2020.
M. Rashid, M. Imran and A. R. Jafri, “Exploration of Hardware Architectures for String Matching Algorithms in Network Intrusion Detection Systems”, Proceedings of the 11th International Conference on Advances in Information Technology, article 3, Bangkok, Thailand, pp. 1–7, 2020.
Kim H-Y, Xu L, Shi W, Suh T (2021) A Secure and Flexible FPGA-Based Blockchain System for the IoT. Computer 54(2):50–59
Q. Hu, Se-Young Yu, M. R. Asghar, “Analyzing performance issues of open-source intrusion detection systems in high-speed networks”, Journal of Information Security and Applications, vol. 51, article number 102426, 2020.
Tumeo, O. Villa, and D. G. Chavarria-Miranda, “Aho-Corasick string matching on shared and distributed-memory parallel architectures,” IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 3, pp. 436–443, 2012.
C.-H. Lin, C.-H. Liu, S.-C. Chang, and W.-K. Hon, “Memory-efficient pattern matching architectures using perfect hashing on graphic processing units,” in Proc. IEEE INFOCOM, 2012, pp. 1978–1986.
Zha X, Sahni S (2013) GPU-to-GPU and host-to-host multipattern string matching on a GPU. IEEE Trans Comput 62(6):1156–1169
R. Lu and D. Pao, “Optimized Aho-Corasick string matching algorithm for smart phones,” in Proc. IEEE CNS, 2016, pp. 342–343,2017
Chen C, Wang S (2013) An Efficient Multicharacter Transition String-Matching Engine Based on the Aho-Corasick Algorithm. ACM Transactions on Architecture and Code Optimization (TACO) 10(4):1–22
X. Wang and D. Pao, "Memory-Based Architecture for Multicharacter Aho–Corasick String Matching," in IEEE Transactions on Very Large-Scale Integration (VLSI) Systems, vol. 26, no. 1, pp. 143–154, 2018.
J. Qu, G. Zhang, Z. Fang, J. Liu, X. Liu and F. Li, “A Parallel Aho-Corasick Algorithm with Non-deterministic Finite Automaton Based on OpenMP”, 7th Inter. Conference on Advanced Communication and Networking, Kota Kinabalu, 2015, pp. 52–55.
V. Dimopoulos, I. Papaefstathiou and D. Pnevmatikatos, “A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems”, 2007 International Conference on Embedded Computer Systems: Architectures, Modeling and Simulation, Samos, Greece, 2007, pp. 186–193.
P.M.K. Tharaka, D.M.D. Wijerathne, N. Perera, D.V.A Pasqual, “Runtime Rule-Reconfigurable High Throughput NIPS on FPGA”, International Conference on Field Programmable Technology (ICFPT), 2017.
PAO, W. LIN and B. LIU, “A Memory-Efficient Pipelined Implementation of the Aho-Corasick String-Matching Algorithm”, ACM Transactions on Architecture and Code Optimization (TACO), vol. 7 no.2, pp. 1–27, 2010.
N. Jain, M.K. Jain, “Synthesis of Aho-Corasick Algorithm for Network Processor”, International Journal of Engineering Research in Computer Science and Engineering (IJERCSE), vol. 4, no 12, 2017.
Kim H (2015) A Failureless Pipelined Aho-Corasick Algorithm for FPGA-Based Parallel String-Matching Engine. Lecture Notes in Electrical Engineering (LNEE) 339:157–164
Erdem O (2016) Tree-based string pattern matching on FPGAs. Comput Electr Eng 49:117–133
Katashita T, Yamaguchi Y, Maeda A, Kenji T (2007) FPGA-based intrusion detection system for 10 gigabit ethernet. IEICE Trans Inf Syst 90(12):1923–1931
V. Aho and M. Ganapathi, “Efficient tree pattern matching: an aid to code generation”, In ACM Symposium on Principles of Programming Languages, POPL’85, pages 334–340. Assoc. Comput. Mach. Press, 1985.
Chu P (2011) FPGA prototyping by Verilog examples: Xilinx Spartan-3 Version. Wiley, Somerset
User guide, “7 Series FPGA Configurable Logic Blocks “Available online https://www.xilinx.com/support/documentation/user_guides/ug474_7Series_CLB.pdf
Acknowledgements
The authors are thankful to Bahria University for providing all the facilities and equipment to carry out this research. The authors also like to express gratitude for all the CRC lab. members for their support and friendly research environment.
Funding
Higher Education Pakistan.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Najam-ul-Islam, M., Zahra, F.T., Jafri, A.R. et al. Auto implementation of parallel hardware architecture for Aho-Corasick algorithm. Des Autom Embed Syst 26, 29–53 (2022). https://doi.org/10.1007/s10617-021-09257-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10617-021-09257-7