This paper proposes an FPGA-based reconfigurable regular expression matching engine for a network intrusion detection system (NIDS). The proposed system uses the Shift-And algorithm to perform regular expression matching. To improve the memory efficiency of the algorithm, especially for non-deterministic finite automata (NFAs) with a large number of states, this paper proposes a parallel matching module with a counter module and a priority encoder. In addition, a large NFA can be divided into several NFAs that are processed separately by the parallel matching module. The proposed architecture, with 265 regular expression matching modules, is implemented on a Xilinx Zynq-7030 FPGA; it achieves a throughput of 1.066 Gbps and uses 54.81% of the LUTs.