Research Article
High Performance Regular Expression Matching on FPGA
@INPROCEEDINGS{10.1007/978-3-030-00916-8_50, author={Jiajia Yang and Lei Jiang and Xu Bai and Qiong Dai}, title={High Performance Regular Expression Matching on FPGA}, proceedings={Collaborative Computing: Networking, Applications and Worksharing. 13th International Conference, CollaborateCom 2017, Edinburgh, UK, December 11--13, 2017, Proceedings}, proceedings_a={COLLABORATECOM}, year={2018}, month={10}, keywords={Deep Packet Inspection Regular expression matching DFA FPGA Network security}, doi={10.1007/978-3-030-00916-8_50} }- Jiajia Yang
Lei Jiang
Xu Bai
Qiong Dai
Year: 2018
High Performance Regular Expression Matching on FPGA
COLLABORATECOM
Springer
DOI: 10.1007/978-3-030-00916-8_50
Abstract
Deep Packet Inspection (DPI) technology has been widely deployed in Network Intrusion Detection System (NIDS) to detect attacks and viruses. State-of-the-art NIDS uses Deterministic Finite Automata (DFA) to perform regular expression matching for its stable matching speed. However, traditional DFA algorithm’s throughput is limited by the input character’s width (usually one character per time). In this paper, we present an architecture named Parallel-DFA to accelerate regular expression matching by scanning multiple characters per time. Experimental results show that, our architecture can achieve as high as 1200 Gbps (1.17 Tbps) rate on current single Field-Programmable Gate Array (FPGA) chip. This makes it a very practical solution for NIDS in 100G Ethernet standard network, which is currently the fastest approved standard of Ethernet. To the best of our knowledge, this is the fastest matching performance architecture on a single FPGA chip. Besides, the throughput is nearly 3 orders of magnitude (916) than that of original DFA implemented on software. Our architecture is about 183.2 efficiency than that of original DFA.
