• DocumentCode
    1667265
  • Title
    Gigabit rate packet pattern-matching using TCAM
  • Author
    Fang Yu ; Katz, H. ; Lakshman, T.V.
  • Author_Institution
    Dept. of Electr. Eng. & Comput. Sci., California Univ., Berkeley, CA, USA
  • fYear
    2004
  • Firstpage
    174
  • Lastpage
    183
  • Abstract
    In today's Internet, worms and viruses cause service disruptions with enormous economic impact. Current attack prevention mechanisms rely on end-user cooperation to install new system patches or upgrade security software, yielding slow reaction time. However, malicious attacks spread much faster than users can respond, making effective attack prevention difficult. Network-based mechanisms, by avoiding end-user coordination, can respond rapidly to new attacks. Such mechanisms require the network to inspect the packet payload at line rates to detect and filter those packets containing worm signatures. These signature sets are large (e.g., thousands) and complex. Software-only implementations are unlikely to meet the performance goals. Therefore, making a network-based scheme practical requires efficient algorithms suitable for hardware implementations. This work develops a ternary content addressable memory (TCAM) based multiple-pattern matching scheme. The scheme can handle complex patterns, such as arbitrarily long patterns, correlated patterns, and patterns with negation. For the ClamAv virus database with 1768 patterns whose sizes vary from 6 bytes to 2189 bytes, the proposed scheme can operate at a 2 Gbps rate with a 240 KB TCAM.
  • Keywords
    Internet; computer viruses; pattern matching; telecommunication security; ClamAv virus database; Internet virus; TCAM; end-user coordination; gigabit rate packet pattern-matching; multiple-pattern matching scheme; network-based mechanism; packet filtering; security software; ternary content addressable memory; Associative memory; Data security; Databases; Filtering; Hardware; Intrusion detection; Monitoring; Pattern matching; Payloads; Web and internet services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Protocols, 2004. ICNP 2004. Proceedings of the 12th IEEE International Conference on
  • ISSN
    1092-1648
  • Print_ISBN
    0-7695-2161-4
  • Type
    conf
  • DOI
    10.1109/ICNP.2004.1348108
  • Filename
    1348108