Article ID: 453648
Journal: Computers & Electrical Engineering
Published Year: 2016
Pages: 17 Pages
File Type: PDF
Abstract

Network intrusion detection systems (NIDSs) monitor Internet Protocol (IP) traffic to detect anomalous and malicious activities on a network. Despite the plethora of studies in this field, hardware-based string matching engines that can accommodate the advancements in optical networking technology are still in high demand. Furthermore, memory-efficient data structures to store intrusion patterns have recently received a great deal of research attention. In this paper, we introduce a tree-based pattern matching (TPM) scheme that comprises a forest of Binary Search Tree (BST) data structures and an accommodating high-throughput multi-pipelined architecture for scalable string matching on hardware. To improve the resource efficiency of hardware implementations, we enhanced the TPM scheme (extended-TPM) with two novel tree structures, namely BST-epsilon (BST∊) and hierarchical BST (H-BST). Our entire design achieves a memory efficiency of 1.07 bytes/char for the latest Snort dictionary. Utilizing a state-of-the-art Field Programmable Gate Array (FPGA), the TPM architecture can sustain a throughput of 2.7 Gbps.
