On-Line data compression for efficient string matching in reconfigurable hardware

Intrusion Prevention Systems (IPSs) have become widely recognized as a powerful tool and an important element of IT security safeguards. Essential to every network IPS is the ability to search through packets and identify patterns that match known attacks. Efficient string matching algorithms are therefore important for identifying theSe packets at line rate. In previous articles algorithms like AhcrCorasick, KarJrRabin, Bloom filters and their hardware implementation architectures were presented. The result of the current work is a fixed dictionary data compression module that preprocesses input stream for lower resource usage of the main string matching module. The prepared module matches the extended set of Snort IPS signatures achieving throughput of over 1.7 Ghps on the Altera Stratix II device. The compression preprocessing module reduces the size of pattern database by 40 % and diminishes the module memory resource usage by 30%. The proposed compression scheme can be used with every pattern matching algorithm, both in the software and hardware implementation.