High throughput token driven FSM based regex pattern matching for network intrusion detection system

Abstract

A single core SRAM memory with a unified memory controller is proposed for regex patterns which contains complex signatures. Many existing NIDS systems are based on token stream with dedicated hardware units to accommodate byte oriented matching with moderate network throughput rate. The overall NIDS performance metrics is degraded when the number of bytes in the database increased. It will lead the demands of coordinated payload monitoring scheme in any memory based digital NIDS system. In this work, a bit based pattern matching algorithm with FSM state transition is proposed which gives both parallel processing and network assertion payload validity check during the conversion of segments into tokens. The Finite State Machine state controller is used in early misdetection to optimize overall matching time in case of segments with multiple non-trivial tokens where the regex patterns are divided into sub-patterns and the concurrent matches are halted in a parallel manner. Finally synchronization problem during hierarchical state transition and vector matching over multiple pages unique SRAM controllers are used which is driven with fully down converted sub-groups. The efficiency of proposed NIDS system over moderate intrusion database process is proved in terms of classification rate. Hence, proposed NIDS system consumes lesser memory resources and it is verified through comparison with state-of-the-art methods.