t h e u n i v e r s i t y o f b r i t i s h c o l u m b i a 15 october 2008 microsystems and...
Post on 01-Apr-2015
212 Views
Preview:
TRANSCRIPT
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
15 October 2008Microsystems and Nanoelectronics Research Conference
1
PERG: A Scalable Pattern-Matching Accelerator
Johnny Ho and Guy Lemieux
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Motivation
• Rapid Growth of Computer Viruses• Antivirus is Slow!• Detection Bottleneck
– Pattern-Matching
• Solution: Hardware Parallelism!
15 October 2008 Microsystems and Nanoelectronics Research Conference2
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Do Patterns below appear in Data above?
72c3131372c35372c34382c35372c34382c33372c3131372c35372c34382c35372c34382c33372c3131372c35332c35322c3130312c39382c33372c3131372c35352c35332c35362c39382c33372c3131372c35362c39382c35312c39392c33372c3131372c35312c35332c35352c35322c33372c3131372c34382c35312c35352c35362c33372c3131372c35332c35342c3130322c35332c33372c3131372c35352c35342c35362c39382c33372c3131372c34382c35312c35302c34382c33372c3131372c35312c35312c3130322c35332c33372c3131372c35322c35372c39392c35372c33372c3131372c39372c3130302c35322c34392c33372c3131372c3130302c39382c35312c35312c33372c3131372c34382c31530065006e00640020006b00650079007300740072006f006b0065007300200065006e00610062006c0065006400000030000000530065006e00640020006b00650079007300740072006f006b00650073002000640069007300610062006c0065006400000000001a00000043006f006e006e0065006300740065006400200074006f0020000000020000003a000000380000005400720061006e0073006600650072002000730065007300730069006f006e002000650073007400610062006c0069007300680065006400000000002c00000020005200650076006500720073006500200063006f006e006e0065006300740065006400200074006f002000000000002e0000004e006f00200072006500730070006f006e00730065002000660072006f006d00200073006500720076006500720000001c0000004300610070007
15 October 2008 Microsystems and Nanoelectronics Research Conference4
• 30302c39382c35312c35312• 82c33372c{2}313137d
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
What is The PERG ?• Grep Spelled Backwards• Software: Pattern Compiler• Hardware: Configurable Architecture
– FPGA (+ small SRAM)
• Performance Highlights– 29x faster than Intel Core 2 Duo– 29x better density than similar hardware engines
15 October 2008 Microsystems and Nanoelectronics Research Conference5
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Similar Problem: Network Security
• Network Intrusion Detection Systems (NIDS)
– Deep-packet Inspection
– Snort NIDSSnort NIDS Pattern Database
15 October 2008 Microsystems and Nanoelectronics Research Conference6
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
15 October 2008 Microsystems and Nanoelectronics Research Conference9
ClamAV AntivirusClamAV AntivirusSnort NIDSSnort NIDS
Pattern Database Sizes
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
15 October 2008 Microsystems and Nanoelectronics Research Conference11
Existing PM SolutionsHardware Density
Database Update
Regular Expression
Verification
FSM(Aho Corsaik)
Low Difficult Yes Not Required
Hash(Bloom Filter)
High Easy No Slow
The PERG Very Very HighHigh
EasyEasy YesYes
* FPGA 2009* FPGA 2009
FastFast
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Bloom Filter Hashing
• Pattern: “ABCD{4}EFG”
• Setup: Boolean Hash Table– Set TRUE at “ABCD” and “EFG”
• Operation: Hash Input String– Return FALSE – No Match– Return TRUE – Possible Match
15 October 2008 Microsystems and Nanoelectronics Research Conference12
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Bloom Filter Verification
• Aliasing• False positives are detected
• Verification Necessary• Exact-matching• All PatternsAll Patterns in Hash Table are possible• Computationally expensive!Computationally expensive!
15 October 2008 Microsystems and Nanoelectronics Research Conference13
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Key Contributions
• Fast Verification– Use “Bloomier” Filters
• Perfect Hashing – Only 1 Pattern Possible
– CRC – Fast Pattern Check– Dynamic Updates
• Improved Density (area)– Merge Bloomier Filters
15 October 2008 Microsystems and Nanoelectronics Research Conference14
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
The PERG Hardware
15 October 2008 Microsystems and Nanoelectronics Research Conference15
Input Buffer
BFUL3
BFUL4
BFUL5
BFUL2
BFU L1
Off-Chip SRAM
FPGA
Data In Data Out
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
The PERG Hardware
15 October 2008 Microsystems and Nanoelectronics Research Conference16
Input Buffer
BFUL3
BFUL5
BFU L1
Off-Chip SRAM
FPGA
Data In Data Out
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
The PERG Hardware
15 October 2008 Microsystems and Nanoelectronics Research Conference17
Input Buffer
BFUL3
BFUL5
BFU L1
Insp
ecti
on
Un
it
Off-Chip SRAM
FPGA
Data In Data Out
CRC CRC CRC
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
The PERG Hardware
15 October 2008 Microsystems and Nanoelectronics Research Conference18
CRC 2
Fragment Reassembly Unit
Input Buffer
BFUL3
BFUL5
BFU L1
Memory Interface
MetadataUnit
Insp
ecti
on
Un
it
Off-Chip SRAM
Address
Metadata
FPGA
Data In Data Out
CRC CRC CRC
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Filter Consolidation Example
• ABCD{4}EFG
15 October 2008 Microsystems and Nanoelectronics Research Conference19
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Pattern: Segmentation
• ABCD{4}EFG
• ABCD{7} EFG
15 October 2008 Microsystems and Nanoelectronics Research Conference20
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Pattern: Filter Mapping
• ABCD{4}EFG
• ABCD{7} EFG
• ABC{1} BCD{7} EFG
15 October 2008 Microsystems and Nanoelectronics Research Conference21
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Pattern: Filter Mapping
• ABCD{4}EFG
• ABCD{7} EFG
• ABC{1} BCD{7} EFG
15 October 2008 Microsystems and Nanoelectronics Research Conference22
1 2 3
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
The PERG Hardware
15 October 2008 Microsystems and Nanoelectronics Research Conference23
CRC 2
Fragment Reassembly Unit
Input Buffer
BFUL3
BFUL5
BFU L1
Memory Interface
MetadataUnit
Insp
ecti
on
Un
it
Off-Chip SRAM
Address
Metadata
FPGA
Data In Data Out
CRC CRC CRC
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
The PERG Hardware
15 October 2008 Microsystems and Nanoelectronics Research Conference24
Cache
CRC 2Reassembly Controller
Fragment Reassembly Unit
Circular State Buffer
Input Buffer
BFUL3
BFUL5
BFU L1
Memory Interface
MetadataUnit
Insp
ecti
on
Un
it
Off-Chip SRAM
Address
Metadata
FPGA
Data In Data Out
CRC CRC CRC
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
The PERG Hardware
15 October 2008 Microsystems and Nanoelectronics Research Conference25
Cache
CRC 2Reassembly Controller
Fragment Reassembly Unit
Circular State Buffer
Input Buffer
BFUL3
BFUL5
BFU L1
Memory Interface
MetadataUnit
Insp
ecti
on
Un
it
Off-Chip SRAM
Address
Metadata
FPGA
Data In Data Out
CRC CRC CRC
1
3
2 12
3
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Results• # of Characters (Higher = Better)
– 8,224,848 characters The PERG
– 68,266 characters Next-best NIDS
• # of Rules (Higher = Better)
– 80,282 rules The PERG
– 5,026 rules Next-best NIDS
• Merged Hardware Resources– 26 versus 261 filter units
– 11% versus 70% memory left unused
15 October 2008 Microsystems and Nanoelectronics Research Conference26
121xBetter
16xBetter
10x, 7xBetter
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
• Throughput (Higher = Better)
– 190 MB/s The PERG– 6.5 MB/s Intel Core 2 Duo
• Density (Lower = Better)
– 0.3 bits/char The PERG– 8.7 bits/char Next-best NIDS
15 October 2008 Microsystems and Nanoelectronics Research Conference27
29xFaster
29xBetter
Density
Results
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Future Work
• Regular Expression Support– submitted to FPGA 2009
• NIDS (Snort) database
15 October 2008 Microsystems and Nanoelectronics Research Conference28
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Thank You!
15 October 2008 Microsystems and Nanoelectronics Research Conference29
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A
Questions?
15 October 2008 Microsystems and Nanoelectronics Research Conference30
© Warner Bros and Legendary Pictures
top related