A NFA-based programmable regular expression match engine

Pattern matching is the most computation-intensive task of a network intrusion detection system (NIDS). In this paper we present a hardware architecture to speed up the pattern matching process for deep packet inspection. The match engine is modeled as a nondeterministic finite automaton (NFA) with auxiliary hardware features to process repetition of sub-patterns without unrolling. The computation is table-driven and the system throughput is deterministic. The lookup tables are implemented using ternary content addressable memory (TCAM) and can be shared by multiple patterns. The overall table size is approximately equal to the number of transition edges in the NFA. Incremental changes to the pattern set can be accommodated by modifying the contents of the lookup tables without reconfiguring the hardware. This property allows the NIDS to respond quickly to a hostile network environment.
Derek Pao
Added 16 Feb 2011
Updated 16 Feb 2011
Type Journal
Year 2009
Where ANCS
Authors Derek Pao