关键词: 多模式匹配，字符串匹配，B1oom filter, PBPM, NIDS

Abstract: As the network bandwidth continuously increases, the network security has been seriously threatened by malicious behaviors and risks. Network intrusion detection system (NIDS) is one of the efficient measures to cope with intrusion threats and protect information security, which employs pattern matching techniques to analyze incoming packs is and detect potential threats. However, pattern matching is such a compute-intensive task that most current techniques can't meet the demand of KIDS for backbone networks over lOGbps speed. We proposed a novel Bloom filter based approach for pattern matching, called PBPM (Parallel-Bloom-filter-based multi-Pattern Matching). PBPM employs multiple copies of the same Bloom filter to carry out parallel matching on different positions of the input text at the same time. The fine-grained parallel approach is able to skip multiple characters per clock when implemented on FPGAs, dramatically improving pattern matching performance. Experimental results on the rule set from Snort 2.9 show that the throughput of PBPM exceeds more than 20Gbps.

Key words: Multi-pattern matching, String matching, Bloom filter, PBPM, NIDS