Reviewer: Ben Wun
Date: 12-8-2005
How would you rate this paper, relative to others we have read? top 25%, but not top 10%
How would you rate your knowledge of the topic of this paper? novice
What problem or issue does the paper address? Why is it important?
This paper addresses the problem of speeding up string matching as applied to intrusion detection and prevention in networks. This is important because it is computationally expensive but must be done at line rates.
What are the main contributions of the paper and why are they important?
This paper provides a method of building state machines to do string matching that is space efficient, fast, with bounded worst case performance, and easily updatable. They claim a 10x increase in efficiency over existing solutions.
How significant are these contributions relative to previous work?
This contribution seems fairly important, as previous work does not allow rapid updates while keeping the system on line, and this is important since the rule sets may evolve rapidly.
Give detailed comments justifying your view of the paper.
The method of splitting the state machines into smaller state machines to examine the bits of a byte in parallel to accelerate the search and save space seems like an interesting one. Their results seem impressive: they can guarantee 10Gbps throughput in the worst case, as opposed to 8 for the best FPGA implementation. In addition, they do this with less area.
Overall, I think this is a good paper: they clearly describe their design and address a very important issue for practical implementation in their fast, on-line update mechanism.