FPGA-Based Acceleration of Pattern Matching in YARA

String and regular expression pattern matching is an integral part of intrusion detection systems to detect potential threats. YARA is a pattern matching framework to identify malicious content by defining complex patterns and signatures. Software implementations of YARA on CPU do not meet the throughput requirements of core networks. We present a FPGA based hardware accelerator to boost the performance of pattern matching in YARA framework. The proposed architecture consists of pattern matching engines organized as two-dimensional stages and pipelines. We implemented rulesets of sizes varying from 8 to 200 rules with total number of patterns ranging from 128 to 6000. Post place-and-route results demonstrate that the proposed design achieves throughput ranging from 12.85i?źGbps to 21.8i?źGbps. This is an improvement of 8.8$$\times $$ to 14.5$$\times $$ in comparison with the throughput of 1.45i?źGbps for a software implementation on a state of the art multi-core platform.

[1]  Viktor K. Prasanna,et al.  Fast Regular Expression Matching Using FPGAs , 2001, The 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'01).

[2]  Hwankuk Kim,et al.  The Protection Technology of Script-Based Cyber Attack , 2015 .

[3]  Viktor K. Prasanna,et al.  A Memory-Efficient and Modular Approach for Large-Scale String Pattern Matching , 2013, IEEE Transactions on Computers.

[4]  Vern Paxson,et al.  The shunt: an FPGA-based accelerator for network intrusion prevention , 2007, FPGA '07.

[5]  Dionisios N. Pnevmatikatos,et al.  Fast, Large-Scale String Match for a 10Gbps FPGA-Based Network Intrusion Detection System , 2003, FPL.

[6]  Ioannis Papaefstathiou,et al.  A Memory-Efficient FPGA-based Classification Engine , 2008, 2008 16th International Symposium on Field-Programmable Custom Computing Machines.

[7]  Qiang Fu,et al.  YALIH, Yet Another Low Interaction Honeyclient , 2014, AISC.

[8]  Viktor K. Prasanna,et al.  High-Performance and Compact Architecture for Regular Expression Matching on FPGA , 2012, IEEE Transactions on Computers.

[9]  Stamatis Vassiliadis,et al.  Regular expression matching for reconfigurable packet inspection , 2006, 2006 IEEE International Conference on Field Programmable Technology.

[10]  Jeffrey D. Ullman,et al.  The compilation of regular expressions into integrated circuits , 1980, 21st Annual Symposium on Foundations of Computer Science (sfcs 1980).