Performing Packet Content Inspection by Longest Prefix Matching Technology

Author

Huang, Nen-Fu ; Chu, Yen-Ming ; Wu, Yen-Min ; Ho, Chia-Wen

Author_Institution

Nat. Tsing Hua Univ., Hsinchu

fYear

2007

fDate

26-30 Nov. 2007

Firstpage

11

Lastpage

15

Abstract

This article presents a novel mechanism to perform packet content inspection by longest prefix matching (LPM) technology. It is done by transforming the automaton-based state table lookup problem into the famous LPM table lookup problem. Two key features, symbol-wise prefix and magic state are observed on the state table to make it possible to utilize IP lookup techniques for string matching. The proposed mechanism is verified to be effective through Lulea algorithm. Also, the practicability is evaluated by employing realistic attack signatures and traffic traces. The experimental results indicate that a state table constructed from the Snort 2.4 patterns can be converted into a prefix table that requires only 2.5% of the memory utilized in the original state table. Compared with the state-of-the-art researches, the proposed scheme has more than 3 times of efficiency, achieving a better balance between required memory size and throughput rate.

Keywords

IP networks; automata theory; digital signatures; string matching; table lookup; telecommunication security; telecommunication traffic; IP lookup technique; automaton-based state table lookup problem; longest prefix matching; magic state; network traffic; packet content inspection; realistic attack signature; string matching; symbol-wise prefix; Automata; Computer science; Doped fiber amplifiers; Filters; Home appliances; Inspection; Pattern matching; Silicon; Table lookup; Throughput;

fLanguage

English

Publisher

ieee

Conference_Titel

Global Telecommunications Conference, 2007. GLOBECOM '07. IEEE

Conference_Location

Washington, DC

Print_ISBN

978-1-4244-1042-2

Electronic_ISBN

978-1-4244-1043-9

Type

conf

DOI

10.1109/GLOCOM.2007.10

Filename

4410920