Fast Packet Inspection Using State-Based Bloom Filter Engine
作者: Ming-Jiang YE
DOI: 10.1360/JOS180117
关键词:
摘要: More and more network security applications depend on inspecting the content of packets to detect malicious attacks. To these attacks online, packet inspection demands exceptionally high performance. A lot research works have been done in this field, yet there is still significant room for improvement throughput scalability. This paper proposes a fast algorithm based state-based Bloom filter engines (SABFE). achieve throughput, parallel design adopted when searching one engine between multiple engines. In addition, specific lookup table prefix register heap are constructed SABFE keep state matched sake detecting long patterns. The analysis evaluation show that can satisfy wire speed detection requirement
sci-hub.st 参考文章(13)
Michael Attig, Sarang Dharmapurikar, John Lockwood, Design and Implementation of a String Matching System for Network Intrusion Detection using FPGA-based Bloom Filters ,(2004) , 10.7936/K7R78CKP
Fang Yu, R.H. Katz, T.V. Lakshman, Gigabit rate packet pattern-matching using TCAM international conference on network protocols. pp. 174- 183 ,(2004) , 10.1109/ICNP.2004.1348108
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh, Automated worm fingerprinting operating systems design and implementation. pp. 4- 4 ,(2004)
D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, Inside the Slammer worm ieee symposium on security and privacy. ,vol. 1, pp. 33- 39 ,(2003) , 10.1109/MSECP.2003.1219056
David Moore, Colleen Shannon, k claffy, Code-Red: a case study on the spread and victims of an internet worm acm special interest group on data communication. pp. 273- 284 ,(2002) , 10.1145/637201.637244
S. Dharmapurikar, P. Krishnamurthy, T. Sproull, J. Lockwood, Deep packet inspection using parallel Bloom filters high performance interconnects. pp. 44- 51 ,(2003) , 10.1109/CONECT.2003.1231477
R. A. Baeza-Yates, Algorithms for string searching international acm sigir conference on research and development in information retrieval. ,vol. 23, pp. 34- 58 ,(1989) , 10.1145/74697.74700
Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors Communications of the ACM. ,vol. 13, pp. 422- 426 ,(1970) , 10.1145/362686.362692
Haoyu Song, Sarang Dharmapurikar, Jonathan Turner, John Lockwood, Fast hash table lookup using extended bloom filter: an aid to network processing acm special interest group on data communication. ,vol. 35, pp. 181- 192 ,(2005) , 10.1145/1080091.1080114
N. Tuck, T. Sherwood, B. Calder, G. Varghese, Deterministic memory-efficient string matching algorithms for intrusion detection international conference on computer communications. ,vol. 4, pp. 2628- 2639 ,(2004) , 10.1109/INFCOM.2004.1354682