Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2403.16533 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866910381697400832 |
|---|---|
| author | Zhong, Jincheng Chen, Shuhui Yu, Chuan |
| author_facet | Zhong, Jincheng Chen, Shuhui Yu, Chuan |
| contents | Regular expression matching is the core function of various network security applications such as network intrusion detection systems. With the network bandwidth increases, it is a great challenge to implement regular expression matching for line rate packet processing. To this end, a novel scheme named XAV targeting high-performance regular expression matching is proposed in this paper. XAV first employs anchor DFA to tackle the state explosion problem of DFA. Then based on anchor DFA, two techniques including pre-filtering and regex decomposition are utilized to improve the average time complexity. Through implementing XAV with an FPGA-CPU architecture, comprehensive experiments show that a high matching throughput of up to 75 Gbps can be achieved for the large and complex Snort rule-set. Compared to state-of-the-art software schemes, XAV achieves two orders of magnitude of performance improvement. While compared to state-of-the-art FPGA-based schemes, XAV achieves more than 2.5x performance improvement with the same hardware resource consumption. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2403_16533 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | XAV: A High-Performance Regular Expression Matching Engine for Packet Processing Zhong, Jincheng Chen, Shuhui Yu, Chuan Networking and Internet Architecture Regular expression matching is the core function of various network security applications such as network intrusion detection systems. With the network bandwidth increases, it is a great challenge to implement regular expression matching for line rate packet processing. To this end, a novel scheme named XAV targeting high-performance regular expression matching is proposed in this paper. XAV first employs anchor DFA to tackle the state explosion problem of DFA. Then based on anchor DFA, two techniques including pre-filtering and regex decomposition are utilized to improve the average time complexity. Through implementing XAV with an FPGA-CPU architecture, comprehensive experiments show that a high matching throughput of up to 75 Gbps can be achieved for the large and complex Snort rule-set. Compared to state-of-the-art software schemes, XAV achieves two orders of magnitude of performance improvement. While compared to state-of-the-art FPGA-based schemes, XAV achieves more than 2.5x performance improvement with the same hardware resource consumption. |
| title | XAV: A High-Performance Regular Expression Matching Engine for Packet Processing |
| topic | Networking and Internet Architecture |
| url | https://arxiv.org/abs/2403.16533 |