基于分布式存储的正则表达式匹配算法设计与实现

随着网络带宽的快速增长，互联网正面临着日益严重的安全威胁。网络入侵检测系统(KIDS)利用模式匹配等技术对网络报文进行分析和检测，是防范网络威胁、保护网络安全的一种有效手段。但模式匹配消耗巨大的计算量，现有的技术难以满足10Gbps以上骨干网络KIDS的需求。提出了基于B1oom filter的细粒度并行模式匹配技术PBPM(Parallel-B1oom-filter-based multi-Pattern Matching) , PBPM利用多个相同的B1oom filter分别从输入文本的不同位置处并行匹配，每个周期可完成多个字符的匹配，显著提高了匹配速率。详细讨论了在FPGA上的实现方式，在Snort 2.9规则集上的测试结果表明，PBPM能够提供超过20Gbps的模式匹配需求。

Fine-grained Parallel Multi-pattern Matching for Backbone Network NIDS

As the network bandwidth continuously increases, the network security has been seriously threatened by malicious behaviors and risks. Network intrusion detection system (NIDS) is one of the efficient measures to cope with intrusion threats and protect information security, which employs pattern matching techniques to analyze incoming packs is and detect potential threats. However, pattern matching is such a compute-intensive task that most current techniques can't meet the demand of KIDS for backbone networks over lOGbps speed. We proposed a novel Bloom filter based approach for pattern matching, called PBPM (Parallel-Bloom-filter-based multi-Pattern Matching). PBPM employs multiple copies of the same Bloom filter to carry out parallel matching on different positions of the input text at the same time. The fine-grained parallel approach is able to skip multiple characters per clock when implemented on FPGAs, dramatically improving pattern matching performance. Experimental results on the rule set from Snort 2.9 show that the throughput of PBPM exceeds more than 20Gbps.