Networked computing resources encounter potentially compromising attacks conveyed by network traffic. To combat such attacks, purpose-built hardware and software have been developed to implement intrusion detection and prevention (IDP) systems. IDP processing includes signature-based methods designed to inspect network activity and implement attack signature detection techniques which identify data patterns of known attacks. Attack signature detection uses signature analysis which involves the interpretation of a series of data packets using character strings that are previously determined to represent a known attack pattern.
Signature analysis may be accomplished by searching selected packet payloads using finite state machines or finite state automata (FSA) for signatures corresponding to specific known attacks. FSA state tables are typically stored in external memory such as dynamic random access memory (DRAM). Accessing and fetching the FSA state tables from the DRAM during IDP processing can be a primary factor in determining IDP processing throughput, which affects overall IDP system performance, particularly when large signature files or databases are involved and/or high-load monitoring (e.g., high date transfer rates and traffic volumes) is required.
Existing techniques for improving IDP memory read performance have been limited to using more powerful hardware, such as faster central processing units (CPUs). It would be desirable to more efficiently improve IDP memory read performance.