Title :
Performing Packet Content Inspection by Longest Prefix Matching Technology
Author :
Huang, Nen-Fu ; Chu, Yen-Ming ; Wu, Yen-Min ; Ho, Chia-Wen
Author_Institution :
Nat. Tsing Hua Univ., Hsinchu
Abstract :
This article presents a novel mechanism to perform packet content inspection by longest prefix matching (LPM) technology. It is done by transforming the automaton-based state table lookup problem into the famous LPM table lookup problem. Two key features, symbol-wise prefix and magic state are observed on the state table to make it possible to utilize IP lookup techniques for string matching. The proposed mechanism is verified to be effective through Lulea algorithm. Also, the practicability is evaluated by employing realistic attack signatures and traffic traces. The experimental results indicate that a state table constructed from the Snort 2.4 patterns can be converted into a prefix table that requires only 2.5% of the memory utilized in the original state table. Compared with the state-of-the-art researches, the proposed scheme has more than 3 times of efficiency, achieving a better balance between required memory size and throughput rate.
Keywords :
IP networks; automata theory; digital signatures; string matching; table lookup; telecommunication security; telecommunication traffic; IP lookup technique; automaton-based state table lookup problem; longest prefix matching; magic state; network traffic; packet content inspection; realistic attack signature; string matching; symbol-wise prefix; Automata; Computer science; Doped fiber amplifiers; Filters; Home appliances; Inspection; Pattern matching; Silicon; Table lookup; Throughput;
Conference_Titel :
Global Telecommunications Conference, 2007. GLOBECOM '07. IEEE
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4244-1042-2
Electronic_ISBN :
978-1-4244-1043-9
DOI :
10.1109/GLOCOM.2007.10
