Title :
A High Performance and Scalable Packet Pattern-Matching Architecture
Author :
Ye, Mingjiang ; Xu, Ke ; Wu, Jianping ; Cui, Yong
Author_Institution :
Tsinghua Univ., Beijing
Abstract :
Pattern-matching is often used in network security mechanisms, which detect the predefined signature strings or keywords starting at an arbitrary location in the payload. Such mechanisms require the network to inspect the packet payload at line rates to filter the worms or virus. These signature sets are large and some signature can be as long as more than 2000 byte. This paper propose a high performance and scalable packet pattern-matching architecture. Bloom filter engines are used in front-end for membership query which can achieve high performance, and an lookup table is used in back-end to performance deterministic string-matching. In order to solve the scalability problem in using Bloom filter to detect long pattern, prefix register heap is used to keep the intermediate status. The architecture can achieve gigabytes throughput with large pattern set and long patterns. A great saving in hardware resource also proves that the architecture is very scalable.
Keywords :
Internet; information filters; pattern matching; security of data; Bloom filter; deterministic string-matching; keywords starting; lookup table; membership query; network security mechanisms; packet payload; pattern-matching architecture; prefix register heap; signature strings; Computer architecture; Computer worms; Engines; Filters; Hardware; Inspection; Internet; Payloads; Scalability; Throughput;
Conference_Titel :
Information Networking, 2008. ICOIN 2008. International Conference on
Conference_Location :
Busan
Print_ISBN :
978-89-960761-1-7
Electronic_ISBN :
1976-7684
DOI :
10.1109/ICOIN.2008.4472764
