Security

Fast Regular Expression Matching Using Small TCAMs for Network Intrusion Detection and Prevention Systems

Download Now Date Added: Jun 2010
Format: PDF

Regular Expression (RE) matching is a core component of deep packet inspection in modern networking and security devices. This paper proposes the first hardware-based RE matching approaches that uses Ternary Content Addressable Memories (TCAMs), which are off-the-shelf chips and have been widely deployed in modern networking devices for packet classification. The authors propose three novel techniques to reduce TCAM space and improve RE matching speed: transition sharing, table consolidation, and variable striding.