A High-Performance Round-Robin Regular Expression Matching Architecture Based On Fpga

State-of-the-art Network Intrusion Detection Systems (NIDSs) use regular expressions to detect attacks or vulnerabilities. In order to keep up with the ever-increasing speed, more and more NIDSs need to be implemented by dedicated hardware. A major bottleneck is that NIDSs scan incoming packets just byte by byte, which greatly limits their throughput. In this paper, we propose a novel architecture for regular expression (RE) matching that consumes multiple characters per time. This architecture contains all the advantages of three FPGA-based algorithms to improve RE matching speed: Simple State Merge Tree (SSMT), Distribute Data in Round-Robin (DDRR), and Multi-path Speculation. Our architecture was tested on several real-life RE rulesets. It could yield a performance of 140Gbps processing rates on a single FPGA chip, while maintaining memory efficiency. This makes it a very practical solution for NIDS in 100G Ethernet standard network, which is currently the fastest approved standard of Ethernet. The experimental results also show that the throughput is about 108 times better than that of the original DFA, while the memory consumption is only about 1/10 of the original DFA.