A Design Method of a Regular Expression Matching Circuit Based on Decomposed Automaton

IEICE Transactions on Information and Systems (Impact Factor: 0.21). 02/2012; 95-D(2):364-373. DOI: 10.1587/transinf.E95.D.364
Source: DBLP


This paper shows a design method for a regular expression matching
circuit based on a decomposed automaton. To implement a regular
expression matching circuit, we first convert a regular expression into
a non-deterministic finite automaton (NFA). Then, to reduce the number
of states, we convert the NFA into a merged-states non-deterministic
finite automaton with unbounded string transition (MNFAU) using a greedy
algorithm. Next, to realize it with a feasible amount of hardware, we
decompose the MNFAU into a deterministic finite automaton (DFA) and an
NFA. The DFA part is implemented by an off-chip memory and a simple
sequencer, while the NFA part is implemented by a cascade of logic
cells. We also show that the MNFAU-based implementation has lower area
complexity than the DFA-based and NFA-based ones. Experiments using
regular expressions from SNORT show that the embedded memory size per
character of the MNFAU is 17.17-148.70 times smaller than that of DFA
methods, and that the number of logic cells (LCs) per character of the
MNFAU is 1.56-5.12 times smaller than that of NFA methods. This paper
describes the details of the MEMOCODE2010 HW/SW co-design contest, for
which we won the first place award.
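
The decomposition described above can be illustrated with a small software model. The sketch below is not the authors' circuit or algorithm. It is a simplified simulation that assumes each MNFAU edge is labeled with a literal string, that an Aho-Corasick automaton stands in for the DFA part, and that a short history of active-state sets stands in for the hardware that aligns string matches with state activations. The names `build_ac`, `ac_step`, and `mnfau_match` and the example pattern `ab(cd|ef)gh` are hypothetical.

```python
from collections import deque


def build_ac(strings):
    """Build an Aho-Corasick automaton (stand-in for the DFA part)."""
    goto = [{}]   # goto[state][char] -> next state (trie edges)
    out = [[]]    # out[state] -> indices of strings ending in this state
    for idx, s in enumerate(strings):
        st = 0
        for ch in s:
            if ch not in goto[st]:
                goto.append({})
                out.append([])
                goto[st][ch] = len(goto) - 1
            st = goto[st][ch]
        out[st].append(idx)
    # Breadth-first pass to fill in failure links and inherited outputs.
    fail = [0] * len(goto)
    queue = deque(goto[0].values())
    while queue:
        st = queue.popleft()
        for ch, nxt in goto[st].items():
            f = fail[st]
            while f and ch not in goto[f]:
                f = fail[f]
            fail[nxt] = goto[f].get(ch, 0)
            out[nxt] = out[nxt] + out[fail[nxt]]
            queue.append(nxt)
    return goto, fail, out


def ac_step(goto, fail, st, ch):
    """Advance the Aho-Corasick automaton by one input character."""
    while st and ch not in goto[st]:
        st = fail[st]
    return goto[st].get(ch, 0)


def mnfau_match(edges, accept, text):
    """Simulate a string-labeled automaton (assumed MNFAU-like model).

    edges  : list of (src_state, literal_string, dst_state)
    accept : accepting state
    State 0 is the start state and is always active (unanchored match).
    """
    strings = [s for _, s, _ in edges]
    goto, fail, out = build_ac(strings)
    max_len = max(len(s) for s in strings)
    # hist[k] holds the states that were active k+1 characters ago.
    hist = deque(maxlen=max_len)
    hist.appendleft({0})
    st = 0
    for ch in text:
        st = ac_step(goto, fail, st, ch)
        active = {0}
        for idx in out[st]:          # strings that end at this character
            src, s, dst = edges[idx]
            # Fire the edge only if src was active just before the string began.
            if src in hist[len(s) - 1]:
                active.add(dst)
        if accept in active:
            return True
        hist.appendleft(active)
    return False


# Hypothetical example: ab(cd|ef)gh needs only 4 states with string edges.
EDGES = [(0, "ab", 1), (1, "cd", 2), (1, "ef", 2), (2, "gh", 3)]
print(mnfau_match(EDGES, 3, "xxabefghyy"))
print(mnfau_match(EDGES, 3, "abcdxgh"))
```

In this model the string-labeled edges keep the state count small (four states for the example, compared with one state per character in a plain NFA), which mirrors the motivation given in the abstract for merging states.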



Available from: Hiroki Nakahara, Jul 03, 2014
  • ABSTRACT: This paper shows a compact realization of regular expression matching circuits on FPGAs. First, the given regular expression is converted into a non-deterministic finite automaton (NFA) by the modified McNaughton-Yamada method. Second, to reduce the number of states in the NFA, prefixes for the NFA are shared. Also, the NFA is converted into an NFA with multi-character transitions (MNFAU: Modular non-deterministic finite automaton with unbounded string transition). Third, the MNFAU is decomposed into the transition string part and the state transition part. The transition string part is represented by the Aho-Corasick deterministic finite automaton (AC-DFA), and it is implemented by an off-chip memory and a register. The state transition part, on the other hand, is implemented by a cascade of logic cells (LCs) and the interconnection on the FPGA. We implemented the regular expressions for SNORT (an open source intrusion detection system) on a Xilinx FPGA. Experimental results showed that the embedded memory size per character of the MNFAU is reduced to 0.2% of the pipelined DFA; 4.2% of the bit-partitioned DFA; 41.0% of the MNFAU (3); and 71.4% of the MNFAU without prefix sharing. Also, the number of LCs per character of the MNFAU is reduced to 0.9% of the pipelined DFA; 15.6% of the NFA; and 80.0% of the MNFAU without prefix sharing.
    No preview · Article · Nov 2012 · Microprocessors and Microsystems
  • ABSTRACT: Regular expressions are a critical mechanism in modern network security and are widely used in network intrusion detection systems to describe malicious patterns. To speed up the pattern matching process, a number of studies have investigated implementing regular expression matching on reconfigurable hardware. Several optimizations have been proposed; however, the problem of sharing sub-patterns between multiple regular expressions is not completely solved. In this paper we present ENREM, an Efficient NFA-based Regular Expression Matching Engine on reconfigurable hardware. We introduce a new infix and suffix sharing architecture and employ it along with several techniques to optimize the required area of pattern matching circuits. In addition, we developed tools for automatically generating the Verilog HDL source code of the ENREM circuit from any given set of Perl compatible regular expression patterns. To evaluate the proposed architecture, we use Snort rules and implement ENREM on a Xilinx Virtex-II Pro XC2VP-50 FPGA. The system is tested on the NetFPGA platform with DARPA intrusion detection data as input to verify the accuracy of the circuit. The experimental results show that ENREM can reduce LUTs by 42% and flip-flops by 32% compared with previous approaches while maintaining a high-speed matching throughput of 1.45 to 2.35 Gbps.
    Full-text · Article · Apr 2013 · Journal of Systems Architecture
  • ABSTRACT: Given an incompletely specified index generation function, the number of variables to represent the function can often be reduced by properly assigning don't care values. In this paper, we derive a lower bound on the number of variables necessary to represent a given incompletely specified index generation function. We also derive three properties of incompletely specified index generation functions. We confirm these properties by experiments using random index generation functions.
    No preview · Conference Paper · May 2014