Fast reconfiguring deep packet filter for 1+ gigabit network

Due to increasing number of network worms and virus, many computer network users are vulnerable to attacks. Unless network security systems use more advanced methods of content filtering such as deep packet inspection, the problem get worse. However, searching for patterns at multiple offsets in entire content of network packet requires more processing power than most general purpose processor can provide. Thus, researchers have developed high performance parallel deep packet filters for reconfigurable devices. Although some reconfigurable systems can be generated automatically from pattern database, obtaining high performance result from each subsequent reconfiguration can be a time consuming process. We present a novel architecture for programmable parallel pattern matching coprocessor. By combining a scalable coprocessor with the compact reconfigurable filter, we produce a hybrid system that is able to update the rules immediate during the time the new filter is being compiled. We mapped our hybrid filter for the latest Snort rule set on January 13, 2005, containing 2,044 unique patterns byte make up 32,384 bytes, onto a single Xilinx Virtex 4LX-XC4VLX15 FPGA with a filtering rate of 2 Gbps.