摘要
针对多正则表达式匹配已经成为制约网络安全系统性能瓶颈的问题,提出一种硬件四级流水线的多正则表达式匹配结构。该结构对多条正则表达式统一处理,将正则表达式切割成字符串和循环控制,采用字符串匹配结构处理字符串,并设计专用硬件电路处理循环限制。实验表明,该硬件结构在Virtex2和Virtex4 FPGA上分别可以达到1.9和2.1Gb/s的匹配性能,与国外相关研究成果相比,消耗更少的存储空间,并支持更多的正则表达式。
Multiple regular expression matching has become one of the most important performance bottlenecks in network security applications. The paper presents a hardware-based multiple regular expressions matching architecture with a four-stage pipeline. The architecture simultaneously matches multiple regular expressions. The algorithm splits the regular expressions into strings and constrained repetitions and then utilizes a string matching architecture for the strings and a hardware circuit for the constrained repetitions. Experiments show that the architecture can achieve a high throughput of 1.9 Gb/s using Virtex2 devices and 2.1 Gb/s using Virtex4 devices. This solution supports more regular expressions with less storage than other architectures.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2009年第10期1704-1707,共4页
Journal of Tsinghua University(Science and Technology)
基金
国家"八六三"高技术项目(2007AA01Z468)
关键词
网络安全
系统结构
特征匹配
正则表达式匹配
network security
architecture
pattern matching
regular expression matching