Abstract
Abstract Regular expression is a critical mechanism in modern network security and widely used in network intrusion detection system to describe malicious patterns. In order to speed up the pattern matching process, a number of studies have been investigated to implement regular expression matching on reconfigurable hardware. Several optimizations have been proposed, however the problem of sharing sub-patterns between multiple regular expressions is not solved completely. In this paper we present ENREM, an Efficient NFA-based Regular Expression Matching Engine on reconfigurable hardware. We introduce a new infix and suffix sharing architecture and employ it along with several techniques to optimize the required area of pattern matching circuits. In addition we developed tools for automatically generating the Verilog HDL source code of ENREM circuit from any given set of Perl compatible regular expression patterns. In order to evaluate proposed architecture, we exploit Snort rules and implement ENREM on Xilinx Virtex-II Pro XC2VP-50 FPGA. The system is tested on NetFPGA platform with DARPA intrusion detection as input data to verify the accuracy of circuit. The experimental results show that ENREM can reduce 42% LUTs and 32% FlipFlops compared with previous approaches while maintains high-speed matching throughput from 1.45 to 2.35 Gbps.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.