DocumentCode
2493722
Title
Performing Packet Content Inspection by Longest Prefix Matching Technology
Author
Huang, Nen-Fu ; Chu, Yen-Ming ; Wu, Yen-Min ; Ho, Chia-Wen
Author_Institution
Nat. Tsing Hua Univ., Hsinchu
fYear
2007
fDate
26-30 Nov. 2007
Firstpage
11
Lastpage
15
Abstract
This article presents a novel mechanism to perform packet content inspection by longest prefix matching (LPM) technology. It is done by transforming the automaton-based state table lookup problem into the famous LPM table lookup problem. Two key features, symbol-wise prefix and magic state are observed on the state table to make it possible to utilize IP lookup techniques for string matching. The proposed mechanism is verified to be effective through Lulea algorithm. Also, the practicability is evaluated by employing realistic attack signatures and traffic traces. The experimental results indicate that a state table constructed from the Snort 2.4 patterns can be converted into a prefix table that requires only 2.5% of the memory utilized in the original state table. Compared with the state-of-the-art researches, the proposed scheme has more than 3 times of efficiency, achieving a better balance between required memory size and throughput rate.
Keywords
IP networks; automata theory; digital signatures; string matching; table lookup; telecommunication security; telecommunication traffic; IP lookup technique; automaton-based state table lookup problem; longest prefix matching; magic state; network traffic; packet content inspection; realistic attack signature; string matching; symbol-wise prefix; Automata; Computer science; Doped fiber amplifiers; Filters; Home appliances; Inspection; Pattern matching; Silicon; Table lookup; Throughput;
fLanguage
English
Publisher
ieee
Conference_Titel
Global Telecommunications Conference, 2007. GLOBECOM '07. IEEE
Conference_Location
Washington, DC
Print_ISBN
978-1-4244-1042-2
Electronic_ISBN
978-1-4244-1043-9
Type
conf
DOI
10.1109/GLOCOM.2007.10
Filename
4410920
Link To Document