Efficient string matching: an aid to bibliographic search
Communications of the ACM
Reducing TCAM Power Consumption and Increasing Throughput
HOTI '02 Proceedings of the 10th Symposium on High Performance Interconnects HOT Interconnects
A Fast Pattern-Match Engine for Network Processor-based Network Intrusion Detection System
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Gigabit Rate Packet Pattern-Matching Using TCAM
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
SSA: a power and memory efficient scheme to multi-match packet classification
Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Survey and taxonomy of packet classification techniques
ACM Computing Surveys (CSUR)
Pipelined Parallel AC-Based Approach for Multi-String Matching
ICPADS '08 Proceedings of the 2008 14th IEEE International Conference on Parallel and Distributed Systems
Pipelined Architecture for Multi-String Matching
IEEE Computer Architecture Letters
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
MCA2: multi-core architecture for mitigating complexity attacks
Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems
Software defined traffic measurement with OpenSketch
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Scalable TCAM-based regular expression matching with compressed finite automata
ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
Journal of Network and Computer Applications
Fast Regular Expression Matching Using Small TCAM
IEEE/ACM Transactions on Networking (TON)
| Hi-index | 0.00 |
Pattern matching algorithms lie at the core of all contemporary Intrusion Detection Systems (IDS), making it intrinsic to reduce their speed and memory requirements. This paper focuses on the most popular class of pattern-matching algorithms, the Aho-Corasick-like algorithms, which are based on constructing and traversing a Deterministic Finite Automaton (DFA), representing the patterns. While this approach ensures deterministic time guarantees, modern IDSs need to deal with hundreds of patterns, thus requiring to store very large DFAs which usually do not fit in fast memory. This results in a major bottleneck on the throughput of the IDS, as well as its power consumption and cost. We propose a novel method to compress DFAs by observing that the name of the states is meaningless. While regular DFAs store separately each transition between two states, we use this degree of freedom and encode states in such a way that all transitions to a specific state can be represented by a single prefix that defines a set of current states. Our technique applies to a large class of automata, which can be categorized by simple properties. Then, the problem of pattern matching is reduced to the well-studied problem of Longest Prefix Matching (LPM) that can be solved either in TCAM, in commercially available IP-lookup chips, or in software. Specifically, we show that with a TCAM our scheme can reach a throughput of 10 Gbps with low power consumption.