Title :
Optimization of Regular Expression Processing Circuits for NIDS on FPGA
Author :
Hieu, Tran Trung ; Thinh, Tran Ngoc ; Vu, Tran Huy ; Tomiyama, Shigenori
Author_Institution :
Comput. Eng. Dept., Ho Chi Minh Univ. of Technol., Ho Chi Minh City, Vietnam
fDate :
Nov. 30 2011-Dec. 2 2011
Abstract :
Recent Network Intrusion Detection System (NIDS) utilizes more and more Regular Expression to describe malicious patterns existing in the content payload of packets. Many researches are investigated and several techniques are introduced to optimize performance and support all functions of regular expression on hardware platform. However there is very few researches in the minimization of multiple regular expressions. This paper takes in account of compiling multiple regular expressions with respect to optimize hardware resources. We take advantage of block memory to implement character matching and present a novel sharing architecture which completely supports sharing common parts among given set of regular expressions. Experimental results show that our optimization can reduce 46% area circuits compared with previous approaches and achieve throughput of 1.5-2.1 Gbps on Snort malicious database.
Keywords :
field programmable gate arrays; telecommunication security; FPGA; Snort malicious database; block memory; character matching; content payload; hardware platform; network intrusion detection system; optimization; regular expression processing circuit; Databases; Doped fiber amplifiers; Engines; Field programmable gate arrays; Hardware; Table lookup; dfa; nfa; nids; pcre; regular expression;
Conference_Titel :
Networking and Computing (ICNC), 2011 Second International Conference on
Conference_Location :
Osaka
Print_ISBN :
978-1-4577-1796-3
DOI :
10.1109/ICNC.2011.23
