Title :
Enhanced FPGA-based architecture for regular expression matching in NIDS
Author :
Long, Le Hoang ; Hieu, Tran Trung ; Tai, Vu Tan ; Hung, Nguyen Hoa ; Thinh, Tran Ngoc ; Vu, Dinh Duc Anh
Author_Institution :
Fac. of Comput. Sci. & Eng., Ho Chi Minh City Univ. of Technol., Ho Chi Minh City, Vietnam
Abstract :
Perl Compatible Regular Expression (PCRE) is increasingly used in Network Intrusion Detection System due to its efficiency. However, there are many issues that have not been completely solved for PCRE matching on hardware platform. In this paper, we propose an FPGA-based PCRE matching architecture that effectively improves the constraint repetition, an importance feature of PCRE. We enhance our architecture to handle m flag which is a powerful PCRE modifier. Besides, a tool-chain for auto-generating PCRE matching engine is also implemented. Our experimental results on low-cost Altera Cyclone II chip shows that our architecture can achieve throughput up to 1Gbps and save up to 92.74% hardware resource as compared with the conventional architecture.
Keywords :
Automata; Computer architecture; Computer science; Counting circuits; Doped fiber amplifiers; Field programmable gate arrays; Hardware; Intrusion detection; Programmable logic arrays; Protection;
Conference_Titel :
Electrical Engineering/Electronics Computer Telecommunications and Information Technology (ECTI-CON), 2010 International Conference on
Conference_Location :
Chiang Mai, Thailand
Print_ISBN :
978-1-4244-5606-2
Electronic_ISBN :
978-1-4244-5607-9
