The Cost Effective Pre-processing Based NFA Pattern Matching Architecture for NIDS

Network Intrusion Detection System (NIDS) is a system which can detect network attacks resulted from worms and viruses on the Internet. An efficient pattern matching algorithm plays an important role in NIDS. There have been many proposed methods for pattern matching algorithms. Traditionally, the multi-character NFA that is capable of matching multiple characters per cycle can be built by duplicating entire circuit of 1-character architecture. In this paper, we propose a pre-processing based architecture to improve the original multi-character architecture. The design of the proposed architecture and its implementation in FPGA are described in details. Our simulation results show that the proposed architecture performs better than all the existing Brute-Force based approaches in terms of the throughput and the slice utilization. Specifically, the proposed architectures of 2-character and 4-character designs can achieve the throughputs of 4.68 and 7.27 Gbps and the slice utilization of 2.86 and 2.10 in terms of char/slice, respectively.