Title :
A Fast Multi-pattern Matching Algorithm for Deep Packet Inspection on a Network Processor
Author :
Ni, Jia ; Lin, Chuang ; Chen, Zhen ; Ungsunan, Peter
Author_Institution :
Dept. of Comput. Sci., Tsinghua Univ., Tsinghua
Abstract :
Deep Packet Inspection (DPI) is a critical function in network security applications such as Firewalls and Intrusion Detection Systems (IDS). Signature based scanners used in DPI apply multi-pattern matching algorithms to check whether the packet payload or flow content contains a specified signature in a signature set. Existing multi-pattern matching algorithms sacrifice memory space to achieve better performance. In this paper a novel fast multi-pattern matching algorithm, the Hash Boyer-Moore (HBM) Algorithm, is presented, which reduces the memory footprint of the heuristic table using a hash function and adds another heuristic table to reduce the false-positive ratio. Analyses and simulations show HBM offers higher speed and lower memory cost than some existing algorithms. The HBM algorithm was implemented on the Intel IXP 2400 Network Processor (NP) platform and experiments show suitable performance results in a Gigabit Ethernet LAN environment.
Keywords :
authorisation; computer networks; cryptography; digital signatures; pattern matching; telecommunication security; deep packet inspection; firewall; hash Boyer-Moore algorithm; heuristic table; intrusion detection system; multipattern matching algorithm; network processor; network security; signature based scanner; Algorithm design and analysis; Analytical models; Computer networks; Computer security; Costs; Filters; Inspection; Intrusion detection; Pattern matching; Payloads;
Conference_Titel :
Parallel Processing, 2007. ICPP 2007. International Conference on
Conference_Location :
Xi´an
Print_ISBN :
978-0-7695-2933-2
DOI :
10.1109/ICPP.2007.7
