International Journal of Computer Applications (0975 – 8887) Volume 44– No18, April 2012 37 Efficient String Matching Using Deterministic Finite Automation Hardware: Speed vs Area Tradeoff AakankshaPandey Department of CSE & IT MANIT, Bhopal. NilayKhare , PhD Department of CSE & IT MANIT, Bhopal. ABSTRACT Pattern matching is a crucial task in several critical network services such as intrusion detection and matching of the IP address during packet forwarding by the router. In this paper we present an speed vs area tradeoff of the the original DFA and the DFA called delayed input DFA(D 2 FA) with optimized area by eliminating the redundant transition edges.In delayed input DFA the area required to store transition table reduces to 60% of the original DFA but the clock pulse required to execute the process increases almost 40% of the original DFA. The comparison of area and speed is presented. This area optimized architecture of DFA is simulated and synthesized using VHDL on the Xilinx ISE 12.4. Keywords: String Matching,DFA, VHDL. 1. INTRODUCTION With the increased amount of data transferred by network the amount of malicious packet also increased therefore it is necessary to protect the network against malicious attack. Intrusion Detection Systems (IDS) are emerging as one of the most promising way of providing protection to systems on the network against these malicious attacks. Intrusion Detection System continuously monitors the network traffic for suspicious pattern and informs the administrator to take proper action. String matching is the heart of IDS. String matching matches each incoming packet against some stored patterns and identify the suspicious activity. The pattern matching is also used by the router to identify the appropriate outgoing line of the packet during packet transmission .The pattern is matched against the text string. Suppose given text string T = t1t2 …. tn and pattern (keyword)P = p1p2 ….pm, verify if string P is a substring of text T. This task is very simple but it is used very frequently in case of networks application. Very fast algorithms are therefore necessary for this task. The pattern matching can be implemented in both software and hardware. The main motivation of implementing it into the hardware is the performance gap. Hardware provides efficientand flexible way of implementation. FPGA (field Programmable Gate Array) provides flexibility and FPGAincrease theperformance of software based system by 600x for large patterns. There are several techniques that are exist for pattern matching in hardware like comparator based architecture in which discrete comparator are used to match particular character similarly hash based function is also used which uses the digest of the pattern for matching purpose. Finite automata are also used for this purpose. This paper mainly focuses on finite automata based pattern matching. Finiteautomata are very useful way for understanding andsolving manytext processing problems. Deterministic FiniteAutomata (DFA) is widely used in existing work toaccelerate regular expression matching. A deterministic finite state automaton (DFA) is a simple language recognition device. Finite automata provide the easiest way of pattern matching but Depending on the application being considered, it can be the case that the size of the input string tothe DFA is large (e.g. the text T in secure pattern matching), or the size of the DFA itself (e.g. whenmany patterns are combined into one DFA). Therefore, it needs to ensure efficiency and scalability when run on large DFAs and/or input strings. In this paper we present the area vs speed tradeoff of the Deterministic Finite Automata (DFA) and the delayed input Deterministic Finite automata(D 2 FA).We will see how area occupied by the state transition table drastically get decreased by eliminating redundant transition in D 2 FAalong with how the time taken by the input pattern for processing get increased in detail. The rest of the paper is organized as follows section I describes the introduction part of the pattern matching and its application in the network ,section II describe the related work in this field and section III presents the background information of the work, next section deals with the implementation result and the comparison of speed and area taken by the normal DFA and delayed input DFA and last section is the conclusion part. 2. RELATED WORK In the past few years numerous hardware based pattern matching solution have been proposed.The main techniques are CAM( based architecture [5,9,13] uses discrete comparator results higher throughput with increased area and low efficiency,hash function[2,6,12,13] used to compress the string set find probable match and reduce the total number of comparison. regular expression and finite automata based patternmatching[1,2,3,4,5,11,14] results low throughput with increase the area of implementation .the main aim of this paper is to reduce the area of implementation and resource used by applying the state minimization algorithm. Ioannis et al[10] has given the CAM based architecture uses discrete comparator for pattern matching in which the frequency of the pattern matched get increased but the area required to implement the model increases with number of patterns so they uses decoded CAM architecture for better performance and to reduce area density and pipelined Cam to increase processing speed they conclude that pipelined DCAM is the best choice for hardware implementation of pattern matching.