Академический Документы
Профессиональный Документы
Культура Документы
I. INTRODUCTION
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
to the memory size, reducing the memory size has become proposed a sharing architecture which significantly reduces
imperative. circuit areas by sharing common infix and suffix sub-patterns.
Certain complicated virus string patterns can be represented From the perspectives of reconfigurability and scalability,
by regular expressions. For example, the pattern for detecting memory architectures are attractive because memory is flexible
the internet radio protocol is represented as and scalable. The AhoCorasick (AC) algorithm [1] is the most
. For memory architecture, only few pre- popular algorithm which allows for matching multiple string
vious works [15], [29] proposed to reduce the complexity of reg- patterns. Aldwairi et al. [2] proposed a configurable string
ular expressions. Still, majority of the patterns are exact string matching accelerator based on a memory implementation of
patterns. For example in Snort V2.4, there are 85% of exact the AC FSM. Tan et al. [27] proposed the bit-split algorithm
string patterns. In this paper, we focus on reducing the memory partitioning a large AC state machine into small state machines
size of the exact string patterns. We observe that many string to significantly reduce the memory requirements. Jung et al.
patterns are similar because of common sub-strings. However, [14] presented an FPGA implementation of the bit-split string
when string patterns are compiled into an FSM, the similarity matching architecture. Piyachon et al. [22] proposed to reduce
does not lead to a small FSM. Consider the same example in the memory size by relabeling states of AC state machine. Ad-
Fig. 1 where two string patterns have a common sub-string cd. ditionally, Piyachon et al. [23] proposed to use Label Transition
Because of the common sub-string, state 2 has similar state Table and CAM-based Lookup Table to significantly reduce the
transitions to those of state 6. Similarly, states 3 and 7 have memory size. Cho et al. [6], [7] proposed a hash-based pattern
similar transitions. However, states 2 and 6, states 3 and 7 matching co-processor where memory is used to store the list
are not equivalent states and cannot be merged directly. We call of substrings and the state transitions. Dharmapurikar et al.
a state machine merging those non-equivalent similar states, [11] proposed a pattern matching algorithm which modifies the
merg_FSM. AC algorithm to consider multiple characters at a time.
In this paper, we propose a state-traversal mechanism on Furthermore, the content addressable memories (CAM) is
a merge_FSM while achieving the same purposes of pattern also widely used for string matching because it can match the
matching. Since the number of states in merg_FSM can be entire pattern at once when the pattern is shifted past the CAM.
drastically smaller than the original FSM, it results in a much Gokhale et al. [12] used CAM to perform parallel search at a
smaller memory size. We also show that hardware needed to high speed. Sourdis et al. [25] applied the pre-decoded tech-
support the state-traversal mechanism is limited. Experimental nique for the CAM-based pattern matching to reduce the area.
results show that our algorithm achieves 21% of memory Additionally, Yu et al. [30] presented a ternary content address-
reduction compared with the traditional AC algorithm for total able memory (TCAM)-based multiple-pattern matching which
string patterns of Snort [24]. In addition, since our approach can handle complex patterns, correlated patterns, and patterns
is complementary to other memory reduction approaches, we with negation.
can obtain substantial gain even after applying to the existing The hash-based approach was proposed to utilize Bloom filter
state-of-the-art algorithms. For example, after integrating with for deep packet inspection. Dharmapurikar et al. [10] proposed a
the bit-split algorithm [27], we can gain 24% of memory hashing-table lookup mechanism utilizing parallel bloom filters
reduction. to enable large number of fixed-length strings to be scanned in
hardware. Lockwood et al. [19] proposed an intelligent gateway
based on Bloom filter that provides Internet worm and virus
II. RELATED RESEARCHES protection in both local and wide area networks.
In this section, we review several related researches in this
area. In the past few years, many algorithms and hardware III. REVIEW OF AC ALGORITHM
designs are proposed to accelerate pattern matching. The hard- In this section, we review the AC algorithm. Among all
ware approaches can be classified into two main categories, memory architectures, the AC algorithm has been widely
logic and memory architectures. The logic architectures mostly adopted for string matching in [2], [14], [15], [22], [23], [27]
use on-chip logic resources of field-programmable gate array because the algorithm can effectively reduce the number of
(FPGA) to convert regular expression pattern into parallel state transitions and therefore the memory size. Using the same
state machines or combinatorial circuits because FPGA allows example as in Figs. 1 and 3 shows the state transition diagram
for updating new attack patterns. Sidhu et al. [26] proposed derived from the AC algorithm where the solid lines represent
algorithm to compile regular expression patterns into combi- the valid transitions while the dotted lines represent a new type
natorial circuits based on nondeterministic finite automaton of state transition called the failure transitions.
(NFA). Hutchings et al. [13] developed a module generator that The failure transition is explained as follows. Given a cur-
shared common prefixes to reduce the circuit area on FPGA. rent state and an input character, the AC machine first checks
Moscola et al. [21] presented a content-scanning module on whether there is a valid transition for the input character; oth-
FPGA for an internet firewall. Clark et al. [8] improved area erwise, the machine jumps to the next state where the failure
and throughput by adding predecoded wide parallel inputs to transition points. Then, the machine recursively considers the
traditional NFA implementations. Baker et al. [5] presented same input character until the character causes a valid transi-
a pre-decoded multiple-pipeline shift-and-compare matcher tion. Consider an example when an AC machine is in state 1
which reduced routing complexity and comparator size by con- and the input character is . According to the AC state table in
verting incoming characters into many bit lines. Lin et al. [16] Fig. 4, there is no valid transition from state 1 given the input
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
LIN AND CHANG: EFFICIENT PATTERN MATCHING ALGORITHM FOR MEMORY ARCHITECTURE 3
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Fig. 7. New data structure, pathVec, and ifFinal. Fig. 8. New state diagram of merg_FSM.
First of all, we would like to mention that in a traditional Definition: Two states are defined as pseudo-equivalent
AC state machine, a final state stores the corresponding match states if they have identical input transitions, identical failure
vector which is one-hot encoded. For example in Fig. 3, state transitions, and identical ifFinal bit, but different next states.
4, the final state of the first string pattern bcdf, stores the In Fig. 7, states 2 and 6 are pseudo-equivalent states be-
match vector and state 8, the final state of cause they have identical input transitions , identical failure
the second string pattern pcdg, stores the match vector of transitions to state 0 and identical ifFinal bit 0. Also, state
. Except for the final states, the other states 3 and state 7 are pseudo-equivalent states. In our algorithm,
store simply to express those states are not the pseudo-equivalent states 2 and 6 are merged to be state
final states. One-hot encoding for a match vector is necessary 26 and states 3 and 7 are merged to be state 37, as shown in
because a final state may represent more than one matched string Fig. 8. The pathVec_ifFinal are updated by taking the union
pattern [5]. Therefore, the width of the match vector is equal to on the pathVec_ifFinal of the merged states. Therefore, the
the number of string patterns. As shown in Fig. 4, the majority pathVec_ifFinal of states 26 and 37 are modified to be {11_0}.
of memories in the column match vector store the zero vec- In addition, we need a register, called preReg, to trace the
tors {00} which are not efficient. precedent pathVec in each state. The width of preReg is equal to
In our design, we reuse those memory spaces storing zero the width of pathVec. Each bit of the preReg also corresponds
vectors {00} to store useful path information called pathVec. to a string pattern. The preReg is updated in each state by per-
First, each bit of the pathVec corresponds to a string pattern. forming a bitwise AND operation on the pathVec of the next state
Then, if there exists a path from the initial state to a final state, and its current value. By tracing the precedent path entering into
which matches a string pattern, the corresponding bit of the the merged state, we can differentiate all merged states. When
pathVec of the states on the path will be set to 1. Otherwise, the final state is reached, the value of the preReg indicates the
they are set to 0. Consider the string pattern bcdf whose final match vector of the matched pattern. During the state traversal,
state is state 4 in Fig. 7. The path from state 0, via states 1, 2, 3 if all the bits of the preReg become 0, the machine will go to
to the final state 4 matches the first string pattern bcdf. There- the failure mode and choose the failure transition as in the AC
fore, the first bit of the pathVec of the states on the path, {state algorithm. After any failure transition, all the bits of the preReg
0, state 1, state 2, state 3, and state 4}, is set to 1. Similarly, the are reset to 1.
path from state 0, via states 5, 6, 7 to the final state 8 matches Consider an example in Fig. 9 where the string pcdf is ap-
the second string pattern pcdg. Therefore, the second bit of plied. Initially, in state 0, the preReg is initialized to
the pathVec of the states on the path, {state 0, state 5, state 6, . After taking the input character , the merg_FSM goes
state 7, and state 8}, is set to 1. In addition, we add an additional to state 5 and updates the preReg by performing a bitwise AND
bit, called ifFinal, to indicate whether the state is a final state. operation on the pathVec {10} of state 5 and the current preReg
For example, because states 4 and 8 are final states, the ifFinal {11}. The resulting new value of the preReg will be
bits of states 4 and 8 are set to 1, the others are set to 0. As . Then, after taking the input character ,
shown in Fig. 7, each state stores the pathVec and ifFinal as the the merg_FSM goes to state 26 and updates the preReg by per-
form, pathVec_ ifFinal. Compared with the original AC state forming a bitwise AND operation on the pathVec {11} of state
machine in Fig. 3, we only add an additional bit to each state. 26 and the current preReg {10}. The preReg remains
We have mentioned that in this example, states 2 and 6, states . Further, after taking the input char-
3 and 7 are similar because they have similar transitions. How- acter , the merg_FSM goes to state 37 and updates the preReg
ever, they are not equivalent. Note that two states are equivalent by performing a bitwise AND operation on the pathVec {11}
if and only if their next states are equivalent. In Fig. 7, states 3 of state 37 and the current preReg {10}. The preReg remains
and 7 are similar but not equivalent because for the same input . Finally, after taking the
, state 3 takes a transition to state 4 while state 7 takes a failure input character , the merg_FSM goes to state 4. After per-
transition to state 0. Similarly, state 2 and state 6 are not equiv- forming a bitwise AND operation on the pathVec {01} of state
alent states because their next states, state 3 and state 7, are not 4 and the current preReg {10}, the preReg becomes
equivalent states. . According to our algorithm, during the
In our algorithm, we define such similar states as pseudo- state traversal, if all the bits of the preReg become 0, the machine
equivalent states. The definition is as follows. will go to the failure mode and choose the failure transition as
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
LIN AND CHANG: EFFICIENT PATTERN MATCHING ALGORITHM FOR MEMORY ARCHITECTURE 5
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
Fig. 16. AC state machine for the two patterns, abcdef and wdebcg.
In the second step, our algorithm extracts and merges the Fig. 18. Algorithm for extracting substrings.
pseudo-equivalent states. Notice that merging pseudo-equiv-
alent states includes merging the failure transitions and
performing the union on the pathVec of the merged states. sponding pseudo-equivalent states can be merged without loop
Consider the same example as shown in Fig. 14. We can find back problems.
that states 3, 8, and 13 are pseudo-equivalent states because Fig. 18 shows the pseudo code of our algorithm to find
they have identical input transitions , identical failure tran- common substrings without the loop back problem. First, all
sitions to state 0 and identical ifFinal 0. Similarly, states 4, common sub-strings are extracted by the longest common
9, and 14 are pseudo-equivalent states and states 5, 10, and substring algorithm [9]. The algorithm can report all of the
15 are pseudo-equivalent states. As shown in Fig. 15, those common substrings. Then, the common substrings are la-
pseudo-equivalent states are merged to states 3_8_13, 4_9_14 beled as new sequences. Next, we use the longest common
and 5_10_15, respectively. The pathVec of state 3_8_13 is subsequence (LCS) algorithm [20] to find all of the longest
modified to be subsequence common to all strings. The results from the LCS
by performing the union on the pathVec of state 3, state 8, and algorithm guarantee that there will be no loop back transition.
state 13. Similarly, the pathVec of states 4_9_14 and 5_10_15 is For example, consider the two patterns, abcdefghijklm and
also modified to be {111}. Fig. 15 shows the final state diagram abcwsghidefxyklm. Using the longest common substring
of our state traversal machine. Compared with the original AC algorithm, we can extract all of the common substrings of these
state machine in Fig. 14, six states are eliminated. two patterns such as abc, def, ghi and klm. Then, we
label the substrings abc, def, ghi, and klm as , ,
VII. LOOP BACK IN MERGED STATES and , respectively. Therefore, the sequence of substrings
When certain cases of multiple sections of pseudo-equiva- in abcdefghijklm is labeled as while the sequence
lent states are merged, it may create loop back problem in a of substrings in abcwsghidefxyklm is labeled as .
state machine. The reason for the loop back problem comes We subsequently use LCS algorithm to find all of the longest
from merging common sub-patterns with different sequences. common subsequences among the two new sequences,
For example, the two patterns, abcdef and wdebcg, have and and the results are or . Therefore,
common sub-patterns, bc and de, which appear in different we can merge the subsequences of (abc), (ghi) and
sequences. Fig. 16 shows the corresponding state machine. (klm) or the subsequences of (abc), (def) and
Because of the common sub-patterns, bc, states 2 and 10, (klm) without the loop back problem. Notice that the result
states 3 and 11 are pseudo-equivalent states. And, because of of LCS may not be unique. In Section IX, we will define a gain
the common sub-patterns, de, states 4 and 8, states 5 and 9 are function to choose subsequences to be merged.
also pseudo-equivalent states. Merging the pseudo-equivalent
states will create a loop back transition from state 5 to state 2, as VIII. HARDWARE ARCHITECTURE
shown in Fig. 17. The loop transition may cause false positive Fig. 19 shows our hardware module which can be config-
matching results. For example, the input string abcdebcdef ured for matching 16 or 32 patterns with a state machine con-
will be mistaken as a match of the pattern abcdef. taining 1024 valid transitions at most. In Fig. 19, the register,
In other words, as long as the common substrings appear in called address_register, is used to store the current state and
sequence, merging the corresponding pseudo-equivalent states the input character. The valid_memory is used to store the in-
will not result in loop back transitions. Therefore, in our pro- formation of valid_state, pathVec, and ifFinal corresponding to
gram, we record and identify the orders of common sub-pat- each valid transition while the failure_memory is used to store
terns. If the common sub-patterns appear in sequence, the corre- the failure_state corresponding to each failure transition. In this
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
LIN AND CHANG: EFFICIENT PATTERN MATCHING ALGORITHM FOR MEMORY ARCHITECTURE 7
TABLE I
EXPERIMENTAL RESULTS AFTER APPLYING OUR ALGORITHM TO THE AC ALGORITHM.
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
TABLE II
EXPERIMENTAL RESULTS AFTER APPLYING OUR ALGORITHM TO THE BIT-SPLIT ALGORITHM
TABLE III
HARDWARE COMPARISONS WITH PREVIOUS APPROACHES
the Table I, the Oracle rule set has 337 patterns with 11 128 As shown in Table III, our design has better memory utiliza-
characters. Using the traditional AC algorithm, the number tion and memory efficiency than [2], [6], [27], [28], [30].
of transitions and states are 6793 and 6804, respectively. The
memory size is 49 267 bytes. Integrating our algorithm to the X. CONCLUSION
AC algorithm, the number of transitions and states are reduced We have presented a memory-efficient pattern matching al-
to 4432 and 3846, respectively. The memory size is reduced gorithm which can significantly reduce the number of states
to 30 699 bytes, 38% of memory reduction from the AC al- and transitions by merging pseudo-equivalent states while main-
gorithm. For total 2217 string patterns of Snort rule sets, our taining correctness of string matching. In addition, the new algo-
algorithm achieves a 21% memory reduction compared with rithm is complementary to other memory reduction approaches
the AC algorithm. and provides further reductions in memory needs. The experi-
Because the state-of-the-art bit-split algorithm is based on the ments demonstrate a significant reduction in memory footprint
AC algorithm, our algorithm can also be integrated to the bit- for data sets commonly used to evaluate IDS systems.
split algorithm to further reduce memory requirements. Table II
shows the results before and after applying our algorithm to the REFERENCES
[1] A. V. Aho and M. J. Corasick, Efficient string matching: An AID
bit-split algorithm. Consider the same Oracle rule set in the first to bibliographic search, Commun. ACM, vol. 18, no. 6, pp. 333340,
row of Table II. Applying the bit-split algorithm which splits the 1975.
traditional AC state machine into 4 state machines, the number [2] M. Aldwairi, T. Conte, and P. Franzon, Configurable string matching
hardware for speeding up intrusion detection, Proc. ACM SIGARCH
of transitions and states are 21 949 and 21 993, respectively. The Comput. Arch. News, vol. 33, no. 1, pp. 99107, 2005.
size of memory is 159 202 bytes. Integrating our algorithm to the [3] M. Alicherry, M. Muthuprasanna, and V. Kumar, High speed pattern
bit-split algorithm, the number of transitions and states are re- matching for network IDS/IPS, in Proc. IEEE Int. Conf. Netw. Proto-
cols (ICNP), 2006, pp. 187196.
duced to 14 437 and 12 664, respectively. The size of memory is [4] B. Brodie, R. Cytron, and D. Taylor, A scalable architecture for
reduced to 98 400 bytes. The memory reduction achieves 38%. high-throughput regular-expression pattern matching, in Proc. 33rd
For total 2,217 string patterns of Snort rule sets, integrating our Int. Symp. Comput. Arch. (ISCA), 2006, pp. 191122.
[5] Z. K. Baker and V. K. Prasanna, High-throughput linked-pattern
algorithm to the bit-split algorithm can achieve 24% of memory matching for intrusion detection systems, in Proc. Symp. Arch. for
reduction. Netw. Commun. Syst. (ANCS), Oct. 2005, pp. 193202.
Furthermore, we have synthesized the hardware module in [6] Y. H. Cho and W. H. Mangione-Smith, A pattern matching co-pro-
cessor for network security, in Proc. 42nd IEEE/ACM Des. Autom.
Fig. 19 using the ASIC flow of the UMC 0.18 m technology. Conf., Anaheim, CA, Jun. 1317, 2005, pp. 234239.
The results are compared with [2], [6], [27], [28], [30] as shown [7] Y. H. Cho and W. H. Mangione-Smith, Fast reconfiguring deep packet
in Table III. In Table III, columns 2, 3, and 4 shows the number filter for 1 + GigabitNetwork , in Proc. 13th Ann. IEEE Symp. Field
Program. Custom Comput. Mach. (FCCM), 2005, pp. 215224.
of characters, the memory size, and the throughput. Column [8] C. R. Clark and D. E. Schimmel, Scalable pattern matching on high
5 shows the memory utilization per character while column 6 speed networks, in Proc. 12th Ann. IEEE Symp. Field Program.
shows the memory efficiency which is defined as the following Custom Comput. Mach. (FCCM), 2004, pp. 249257.
[9] G. Dan, Algorithms on Strings, Trees and Sequences: Computer Sci-
equation: ence and Computational Biology. Cambridge, U.K.: Cambridge Uni-
versity Press, 1997.
[10] S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood,
throughput Char. Num. Deep packet inspection using parallel bloom filters, in Proc. 11th
Memory efficiency Symp. High Perform. Interconnects, Aug. 2003, pp. 4453.
Mem
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
LIN AND CHANG: EFFICIENT PATTERN MATCHING ALGORITHM FOR MEMORY ARCHITECTURE 9
[11] S. Dharmapurikar and J. Lockwood, Fast and scalable pattern [26] R. Sidhu and V. K. Prasanna, Fast regular expression matching
matching for content filtering, in Proc. Symp. Arch. for Netw. using FPGAS, in Proc. 9th Ann. IEEE Symp. Field-Program. Custom
Commun. Syst. (ANCS), Oct. 2005, pp. 183192. Comput. Mach. (FCCM), 2001, pp. 227238.
[12] M. Gokhale, D. Dubois, A. Dubois, M. Boorman, S. Poole, and V. H. [27] L. Tan and T. Sherwood, A high throughput string matching architec-
Granidt, Towards gigabit rate network intrusion detection, in Proc. ture for intrusion detection and prevention, in Proc. 32nd Annu. Int.
the Eleventh Annual ACM/SIGDA International Conference on Field- Symp. Comput. Arch. (ISCA), 2005, pp. 112122.
Programmable Logic and Applications (FPL 03), 2002, pp. 404413. [28] N. Tuck, T. Sherwood, B. Calder, and G. Varghese, Deterministic
[13] B. L. Hutchings, R. Franklin, and D. Carver, Assisting network in- memory-efficien string matching algorithms for intrusion detection,
trusion detection with reconfigurable hardware, in Proc. 10 th Annu. in Proc. 23nd Conf. IEEE Commun. Soc. (INFOCOMM), Mar. 2004,
IEEE Symp. Field-Program. Custom Comput. Mach. (FCCM), 2002, pp. 26282639.
pp. 111120. [29] F. Yu, Z. Chen, Y. Diao, T. V. Lakshman, and R. H. Katz, Fast and
[14] H. J. Jung, Z. K. Baker, and V. K. Prasanna, Performance of FPGA im- memory-efficient regular expression matching for deep packet inspec-
plementation of bit-split architecture for intrusion detection systems, tion, in Proc. ACM/IEEE Symp. Arch. Netw. Commun. Syst. (ANCS),
presented at the 20th Int. Parallel Distrib. Process. Symp. (IPDPS), 2006, pp. 93102.
Rhodes Island, Greece, 2006. [30] F. Yu, R. H. Katz, and T. V. Lakshman, Gigabit rate packet pattern-
[15] S. Kumar, S. Dharmapurikar, F. Yu, P. Crowley, and J. Turner, Al- matching using TCAM, in Proc. 12th IEEE Int. Conf. Netw. Protocols
gorithms to accelerate multiple regular expressions matching for deep (ICNP), 2004, pp. 174183.
packet inspection, in Proc. ACM SIGCOMM Comput. Commun. Rev.,
2006, pp. 339350.
[16] C. H. Lin, C. T. Huang, C. P. Jiang, and S. C. Chang, Optimiza-
tion of pattern matching circuits for regular expression on FPGA, Cheng-Hung Lin (S06-M08) received the Ph.D.
IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 15, no. 12, pp. degree in computer science from the National Tsing
13031310, Dec. 2007. Hua University, HsinChu, Taiwan, in 2008.
[17] H. Lu, K. Zheng, B. Liu, X. Zhang, and Y. Liu, A memory-efficient He is currently an Associate Professor with the
parallel string matching architecture for high-speed intrusion detec- Department of Industrial Technology Education,
tion, IEEE J. Sel. Areas Commun., vol. 24, no. 10, pp. 17931804, National Taiwan Normal University, Taipei, Taiwan.
Oct. 2006. His current research interests include network intru-
[18] J. V. Lunteren, High-performance pattern-matching for intrusion de- sion detection, multicore programming, and parallel
tection, in Proc. IEEE INFOCOM, 2006, pp. 113. algorithm design.
[19] J. W. Lockwood, J. Moscola, M. Kulig, D. Reddick, and T. Brooks,
Internet worm and virus protection in dynamically reconfigurable
hardware, presented at the Military Aerosp. Program. Logic Device
(MAPLD), Washington, DC, Sep. 2003, E10.
[20] D. Maier, The complexity of some problems on subsequences and
supersequences, J. ACM, vol. 25, no. 2, pp. 322336, 1978. Shih-Chieh Chang (S92M95) received the B.S.
[21] J. Moscola, J. Lockwood, R. P. Loui, and M. Pachos, Implementation degree in electrical engineering from the National
of a content-scanning module for an internet firewall, in Proc. 11th Taiwan University, Taiwan, in 1987 and the Ph.D.
Ann. IEEE Symp. Field-Program. Custom Comput. Mach. (FCCM), degree in electrical engineering from the University
2003, pp. 3138. of California, Santa Barbara, in 1994.
[22] P. Piyachon and Y. Luo, Compact state machines for high perfor- He is currently a Professor with the Department
mance pattern matching, in Proc. 41nd IEEE/ACM Des. Autom. Conf., of Computer Science, National Tsing Hua Univer-
2007, pp. 493496. sity, Hsinchu, Taiwan. From 1995 to 1996, he worked
[23] P. Piyachon and Y. Luo, Design of high performance pattern matching with Synopsys, Inc., Mountain View, CA. From 1996
engine through compact deterministic finite automata, in Proc. 42nd to 2001, he joined the faculty with the Department
IEEE/ACM Des. Autom. Conf., 2008, pp. 852857. of Computer Science and Information Engineering,
[24] M. Roesch, Snort- lightweight intrusion detection for networks, in National Chung Cheng University, Chiayi, Taiwan, R.O.C. His current research
Proc. 15th Syst. Administration Conf. (LISA), 1999, pp. 229238. interests include logic synthesis, functional verification for SoC, and noise anal-
[25] I. Sourdis and D. Pnevmatikatos, Pre-decoded CAMs for efficient and ysis.
high-speed NIDS pattern matching, in Proc. 12th Annu. IEEE Symp. Dr. Chang was a recipient of a Best Paper Award at the 1994 Design Automa-
Field Program. Custom Comput. Mach. (FCCM), 2004, pp. 258267. tion Conference.
Authorized licensed use limited to: National Cheng Kung University. Downloaded on January 5, 2010 at 06:44 from IEEE Xplore. Restrictions apply.