A Novel Pattern Matching method for memory reduction

applications using AC_Algorithm

Under the Esteemed guidance of

Mr.G.F.Harish reddyM.Tech.

By
Outline:
Introduction
Objective
Conventional technique and proposed solution
Simulation and synthesis results
Comparisons
Conclusion and future scope
References
Introduction
Intrusion detection covers a broad range of digital security
intelligence , confidentiality.

THE MAIN purpose of a network intrusion detection system is to

prevent malicious network attacks by identifying known attack
patterns.

Due to the increasing complexity of network traffic and the growing

number of attacks, an intrusion detection system must be efficient.

The primary function of an intrusion detection system is to

perform matching of attack string patterns. Because string matching
is the most competitive task in network intrusion detection (NIDS)
systems
Conventional technique and calm
proposed solution: prmv
hksd
Traditional pattern matching : cell
Many traditional pattern matchinhg call abcd
Matching search for given input pattern
one by one from first to last .
call
hany
hall

calm
Aho-corasic pattern matching: prmv
In AC pattern matching algorithm the first hksd
letter of given input string will be searched call cell
with the first letter of all patterns in data
abcd
call
hany
hall
Objective of the project:
In this project, we propose a memory-efficient pattern
matching algorithm which can significantly reduce the number
of states and transitions by merging pseudo-equivalent states
while maintaining correctness of string matching.

In the current scenario network security is emerging the

world. Matching large sets of patterns against an incoming
stream of data is a fundamental task in several fields such as
network security
Basic concept of the proposed project

Fig(a):Traditional approach(fsm)

Fig(b):Our novel approach(merg fsm)

Ctnd.
The sharing gain of common substrings is defined as the length of
common substrings multiplied by the number of patterns sharing the
common substrings.

For example, three patterns, 1common1, 2common2, and

3common3 have the common substrings common.

The sharing gain of the common substrings is 6*3=18 because the

substring common has six characters which are shared by three
patterns. In the final stage, we merge the extracted common substrings
and generate the transition table.
 A.C. algorithm
when a current state and an input character is given to the AC machine first checks
whether there is a valid transition for the input character; otherwise, the machine jumps
to the next state where the failure transition points. Then, the machine recursively
considers the same input character until the character causes a valid transition.

(a)FSM FOR A.C (b)Transition Table FOR A.C

CONCEPT OF MERGING:

To reuse memory states

Which states to be merged Pseudo equivalent states

The states are said to be as pseudo equivalent states if its previous

and current states are equal .

Prev state: The state in which the fsm state is processing is

called the prev state

Next state : The state in which the fsm to be processed is

called next state

Curr state : The state in which the memory is stored is called the
curr state
After merging

In, above technique, there is a chance of occurring error.

Therefore, we can go for state traversal mechanism.
 The chance of occurrence of error is
because ,As we are merging the states we
can not identify the actual state in merged
state.

so,there is a necessary of assigning path

vectors& if_final bits.
 Construction of state diagram &

Assigning path vectors & If _final

Fig(a):FSM Fig(b):MERG_FSM
 Each state stores the pathVec and ifFinal as
the form, pathVec_ ifFinal

pathvec: if there exists a path from the initial state to

a final state, which matches a string pattern, the
corresponding bit of the pathVec of the states on the
path will be set to 1. Otherwise, they are set to 0

Iffinal :To indicate whether the state is a final state

Eg: states 4 and 8 are final states,.
Traditional AC Algorithm Proposed (AC Alg +merge)

Total no. of states:9 Total no. of states:7

Tools used:

Software: Xilinx ISE 13.4.

Programming Language:VHDL.
Project simulation results (Wave form of pattern not matched)
Project simulation results (Wave form of pattern two matched)
Project simulation results (Wave form of pattern not matched)
Design summary report of ac_algorithm
Design summary report of proposed ac_algorithm code
 Conclusion:
We have presented a high-speed and scalable pattern matching algorithm that uses
multi-character transitions on finite state automata to increase the throughput, and
also leverages a clever transition optimization technique to reduce the memory
requirements.

Since the number of states in merg_FSM can be drastically smaller than the original
FSM, it results in a much smaller memory size.

The new algorithm achieves memory reductioncompared with the

traditional AhoCorasick algorithm..
FUTURE SCOPE:

To extend the proposed architecture with variety of

algorithms to enhance security related issues.

To extend this project to implement more transactions like

out of order.
REFERENCES
R. Sidhu and V. K. Prasanna, Fast regular expression matching
using FPGAS, in Proc. 9th Ann. IEEE Symp. Field-Program. Custom
Comput. Mach. (FCCM), 2001, pp. 227238.

L. Tan and T. Sherwood, A high throughput string matching architecture for

intrusion detection and prevention, in Proc. 32nd Annu. Int Symp. Comput.
Arch. (ISCA), 2005, pp. 112122.
N. Tuck, T. Sherwood, B. Calder, and G. Varghese, Deterministic
memory-efficien string matching algorithms for intrusion detection,
in Proc. 23nd Conf. IEEE Commun. Soc. (INFOCOMM), Mar. 2004,
pp. 26282639.
F. Yu, Z. Chen, Y. Diao, T. V. Lakshman, and R. H. Katz, Fast and memory-
efficient regular expression matching for deep packet inspection,in Proc.
ACM/IEEE Symp. Arch. Netw. Commun. Syst. (ANCS),2006, pp. 93102.

F. Yu, R. H. Katz, and T. V. Lakshman, Gigabit rate packet patternmatching

using TCAM, in Proc. 12th IEEE Int. Conf. Netw. Protocols
(ICNP), 2004, pp. 174183.
 C. H. Lin, C. T. Huang, C. P. Jiang, and S. C. Chang, Optimization of pattern matching circuits for
regular expression on FPGA ,IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 15, no. 12,
pp.13031310, Dec. 2007.

Cheng-Hung Lin, Member, IEEE, and Shih-Chieh Chang, Member, IEEE, EFFICIENT
PATTERN MATCHING ALGORITHM FOR MEMORY ARCHITECTURE, IEEE TRANSACTIONS
ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 19, NO. 1, JANUARY 2011
ANY QUERIES