mDFA: A Memory Efficient DFA-Based Pattern Matching Engine on FPGA

Security applications such as network intrusion detection system (NIDS) and virus scanning engine utilize pattern matching as an essential mechanism for detecting harmful activities or malicious codes. The increase of pattern set in size and complexity as well as the high demand of scanning data volume make pattern matching task on general purpose processor more challenging. One solution for this issue is employing reconfigurable device, field programmable gate array (FPGA), to offload this time-consuming task. In this paper, we introduce a memory efficient FPGA-based pattern matching architecture. We utilized Deterministic Finite Automata (DFA) as main pattern matching algorithm and propose modifications (mDFA) to reduce redundant logic. The proposed design, with better memory utilization, is capable of dynamic update and compatible to stateful NIDSs and virus scanners. The analysis of memory efficiency and the hardware implementation of proposed architecture are also presented in this paper. We experiment our approach on contemporary NIDS pattern sets and virus signature database and build a prototype using NetFPGA 1G platform to test on real network environment. The results show that our design could save up to 90 % hardware resources as compared to traditional DFA approach and gain a throughput of 1.9 Gbps. The prototype could achieve 2.7–4.5 × speed up to software-based matching engine. © Springer Science+Business Media New York 2014.