| Network intrusion detection systems require all-match packet classification, where all rules matching a packet are reported by the system. The problem of efficiently reporting all matching rules is known as the all-match optimization problem. One solution is to convert an all-match classifier into a first-match classifier (in which only the first classifier rule that matches a packet is reported), and use ternary content addressable memory (TCAM) for packet classification.;In this thesis, we evaluate two classifier minimization approaches. First, we consider the use of all-match classifier-specific optimization algorithms. Second, we use state-of-the-art first-match classifier optimization algorithms in conjunction with all-match algorithms. Our results indicate the appropriate approach is related to the number of TCAM chips available for classification. When using one TCAM chip, we attain 70.85% TCAM space savings using first-match classifier optimization algorithms instead of all-match classifier optimization algorithms. When using multiple TCAM chips, we found that it is best to use all-match specific optimization algorithms. |
