Title :
A Sequence Encoding Scheme for Multi-match Packet Classification
Author :
Xia Deng;Zhiping Huang;Shaojing Su;Chunwu Liu;Guilin Tang;Yimeng Zhang
Author_Institution :
Dept. of Mechatron. Eng. & Instrum., Nat. Univ. of Defense Technol. Changsha, Changsha
Abstract :
Network intrusion detection systems (NIDS) require multi-match packet classification, where all matching results need to be reported. Ternary Content Addressable Memory (TCAM) is well suited for high-speed packet classification problem by fast parallel matching. However, TCAM can only report first result due to the priority encoder structure. An efficient multi-match scheme is introduced in this paper. Novel sequence encoding we proposed keeps all matching results output one by one in exactly one conventional lookup period. And the design is prototyped in an Altera FPGA and proved fast enough to sustain OC48 traffic throughput.
Keywords :
"Encoding","Intrusion detection","Throughput","Databases","Computer networks","Associative memory","Impedance matching","Filters","Communication system security","National security"
Conference_Titel :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC ´09. International Conference on
Print_ISBN :
978-0-7695-3610-1;978-1-4244-4223-2
DOI :
10.1109/NSWCTC.2009.76
