Optimization of Regular Expression Processing Circuits for NIDS on FPGA

Recent Network Intrusion Detection Systems (NIDS) increasingly use regular expressions to describe malicious patterns in the payload of packets. Much research has been conducted, and several techniques have been introduced, to optimize performance and to support all functions of regular expressions on hardware platforms. However, there has been very little research on the minimization of multiple regular expressions. This paper considers compiling multiple regular expressions with the aim of optimizing hardware resources. We take advantage of block memory to implement character matching and present a novel sharing architecture that completely supports sharing common parts among a given set of regular expressions. Experimental results show that our optimization can reduce circuit area by 46% compared with previous approaches and achieve a throughput of 1.5-2.1 Gbps on the Snort malicious database.
