FPGA-Based Acceleration of Pattern Matching in YARA

String and regular expression pattern matching is an integral part of intrusion detection systems to detect potential threats. YARA is a pattern matching framework to identify malicious content by defining complex patterns and signatures. Software implementations of YARA on CPU do not meet the throughput requirements of core networks. We present a FPGA based hardware accelerator to boost the performance of pattern matching in YARA framework. The proposed architecture consists of pattern matching engines organized as two-dimensional stages and pipelines. We implemented rulesets of sizes varying from 8 to 200 rules with total number of patterns ranging from 128 to 6000. Post place-and-route results demonstrate that the proposed design achieves throughput ranging from 12.85 Gbps to 21.8 Gbps. This is an improvement of 8.8x to 14.5x in comparison with the throughput of 1.45 Gbps for a software implementation on a state of the art multi-core platform.