A High-Performance Round-Robin Regular Expression Matching Architecture Based on FPGA

State-of-the-art Network Intrusion Detection Systems (NIDSs) use regular expressions to detect attacks or vulnerabilities. To keep up with ever-increasing network speeds, more and more NIDSs need to be implemented in dedicated hardware. A major bottleneck is that NIDSs scan incoming packets one byte at a time, which greatly limits their throughput. In this paper, we propose a novel architecture for regular expression (RE) matching that consumes multiple characters at a time. The architecture combines all the advantages of three FPGA-based algorithms for improving RE matching speed: Simple State Merge Tree (SSMT), Distribute Data in Round-Robin (DDRR), and Multi-path Speculation. We tested the architecture on several real-life RE rulesets. It achieves a processing rate of 140 Gbps on a single FPGA chip while maintaining memory efficiency. This makes it a very practical solution for NIDSs in 100G Ethernet networks, 100G Ethernet currently being the fastest approved Ethernet standard. The experimental results also show that the throughput is about 108 times that of the original DFA, while the memory consumption is only about $\frac{1}{10}$ of the original DFA.
