Annual Computer Security Applications Conference (ACSAC) 2021


Reinhardt: Real-time Reconfigurable Hardware Architecture for Regular Expression Matching in DPI

Regular expression (regex) matching is an integral part of deep packet inspection (DPI) but a major bottleneck due to its low performance. To accelerate regex matching (REM), FPGA-based studies have emerged and exploited parallelism by matching multiple regex patterns concurrently. Although they guarantee high performance, existing FPGA-based regex solutions do not support dynamic updates at run time. Hence, they are ill-suited as a DPI function, because malicious signatures are altered frequently. In this work, we introduce Reinhardt, a real-time reconfigurable hardware architecture for REM. Reinhardt represents regex patterns as a combination of reconfigurable cells in hardware and updates regex patterns in real time while providing high performance. We implement the prototype using NetFPGA-SUME, and our evaluation demonstrates that Reinhardt updates hundreds of patterns within a second and achieves 1.4-10 Gbps throughput with 800-160 regex patterns. Our case studies show that Reinhardt works in practice not only for NIDS/IPS but also for hardware acceleration in Snort IDS.

Taejune Park
Chonnam National University

Jaehyun Nam
AccuKnox

Seung Ho Na
KAIST

Jaewoong Chung
Atto Research

Seungwon Shin
KAIST
