Title :
Boundary Hash for Memory-Efficient Deep Packet Inspection
Author :
Artan, N. Sertac ; Bando, Masanori ; Chao, H. Jonathan
Author_Institution :
Electr. & Comput. Eng. Dept., Polytech. Univ., Brooklyn, OH
Abstract :
Network intrusion detection and prevention systems (NIDPSs) are critical for network security. The deep packet inspection (DPI) operation consumes a significant amount of resources in NIDPS. This is because to detect malicious activity DPI searches a database of signatures for each byte of every packet. In this paper, we develop a highly space-efficient data structure for hardware realization of minimal perfect hash functions (MPHFs). This data structure is simple to construct, requires 7 n bits to represent the MPHF for a set of n keys and allows high-speed DPI.
Keywords :
computer network management; security of data; telecommunication security; boundary hash; memory-efficient deep packet inspection; minimal perfect hash functions; network intrusion detection systems; network intrusion prevention systems; network security; space-efficient data structure; Costs; Data security; Data structures; Databases; Hardware; Inspection; Intrusion detection; Partitioning algorithms; Payloads; Peer to peer computing;
Conference_Titel :
Communications, 2008. ICC '08. IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-2075-9
Electronic_ISBN :
978-1-4244-2075-9
DOI :
10.1109/ICC.2008.333
