
Gigabit rate packet pattern-matching using TCAM

Fang Yu, R.H. Katz, T.V. Lakshman
Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004.  
This paper develops a Ternary Content Addressable Memory (TCAM) based multiple-pattern matching scheme.  ...  Such mechanisms require the network to inspect the packet payload at line rates to detect and filter those packets containing worm signatures.  ...  To operate SNORT-like intrusion detection systems at multi-gigabit rates using hardware acceleration, one possibility is to use Ternary Content Addressable Memories (TCAM).  ... 
doi:10.1109/icnp.2004.1348108 dblp:conf/icnp/FangKL04 fatcat:5v7gxquvgvctvhv7xvbmxjlfgm

A multi-gigabit rate deep packet inspection algorithm using TCAM

Jung-Sik Sung, Seok-Min Kang, Youngseok Lee, Taeck-Geun Kwon, Bong-Tae Kim
2005 GLOBECOM '05. IEEE Global Telecommunications Conference, 2005.  
This paper devises a high-speed deep packet inspection algorithm with TCAM by using an m-byte jumping window pattern-matching scheme.  ...  Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload.  ...  Therefore, multi-gigabit rate secure routers need 10Gbps scan rate for detecting malicious signatures from the packets.  ... 
doi:10.1109/glocom.2005.1577667 dblp:conf/globecom/SungKLKK05 fatcat:awf7e4chhndfdfi2rdylfqptvy

A Fast Pattern-Matching Algorithm for Network Intrusion Detection System [chapter]

Jung-Sik Sung, Seok-Min Kang, Taeck-Geun Kwon
2006 Lecture Notes in Computer Science  
We present a multi-gigabit rate multiple pattern-matching algorithm with TCAM that enables protecting against malicious attacks in a high-speed network.  ...  Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload in order to inspect the content.  ...  Gigabit rate pattern-matching algorithms such as [7], [8] are TCAM-based algorithms that can be used with TCAM.  ... 
doi:10.1007/11753810_102 fatcat:vlao6hlvz5cpfjpwufiiaiy2ru

Improved TCAM-Based Pre-Filtering for Network Intrusion Detection Systems

Yeim-Kuan Chang, Ming-Li Tsai, Cheng-Chien Su
2008 22nd International Conference on Advanced Information Networking and Applications (aina 2008)  
We finally present the simulation result using Snort pattern set and DEFCON packet traces.  ...  The first technique performs the w-byte suffix pattern match instead of using w-byte prefix. The second technique finds the matching results from all groups rather than first group.  ...  Since the DEFCON traces tend to match patterns in nature, the pattern-match rate is higher than normal packets.  ... 
doi:10.1109/aina.2008.120 dblp:conf/aina/ChangTS08 fatcat:nrgmxq7vxzcwjbkoy6akfrvw4i

An Extensible, System-On-Programmable-Chip, Content-Aware Internet Firewall [chapter]

John W. Lockwood, Christopher Neely, Christopher Zuver, James Moscola, Sarang Dharmapurikar, David Lim
2003 Lecture Notes in Computer Science  
An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates.  ...  The firewall uses layered protocol wrappers to parse the content of Internet data. Packet payloads are scanned for keywords using parallel regular expression matching circuits.  ...  By using parallel hardware and deeply pipelined circuits, the SOPC firewall can process protocol headers with TCAMS and search the entire payload using regular expression matching at rates over 2 Gigabits  ... 
doi:10.1007/978-3-540-45234-8_83 fatcat:7h7mkr4gm5cjzjfbaybq7e4fva

Managing Heterogeneous Processor Machine Dependencies in Computer Network Applications [chapter]

Ralph Duncan, Peder Jungck, Kenneth Ross, Jim Frandeen, Greg Triplett
2014 Lecture Notes in Computer Science  
Executing complex network packet applications typically requires using network processors and parallel processing to handle packet transmission speeds of 1 gigabit per second and beyond.  ...  Heterogeneous computing approaches also employ specialized coprocessors, such as associative memory processors for flow matching and regular expression (regex) processors for packet payload searching.  ...  Fig. 4. Searching packet data via a regex system. Copyright CloudShield Technologies, 2013. Fig. 5. (a) Using a TCAM coprocessor to match a bit pattern.  ... 
doi:10.1007/978-3-642-54420-0_28 fatcat:vsphqx2xb5fypb3vyeviz5wszy

High performance string matching algorithm for a network intrusion prevention system (NIPS)

Y. Weinsberg, S. Tzur-David, D. Dolev, T. Anker
2006 2006 Workshop on High Performance Switching and Routing  
The algorithm uses a Ternary Content Addressable Memory (TCAM) and is capable of matching multiple patterns in a single operation.  ...  With networking speeds doubling every year, it is becoming increasingly difficult for software based solutions to keep up with the line rates. This paper presents a novel pattern-matching algorithm.  ...  The RTCAM algorithm enables the NIPS appliance to operate at an aggregate rate of several gigabit per second. A.  ... 
doi:10.1109/hpsr.2006.1709697 fatcat:yg257gn43vh4tefxn6pxisqxka

A High-Speed Network Content Filtering System [chapter]

Guohong Zhao, Shuhui Chen, Baokang Zhao, Ilsun You, Jinshu Su, Wanrong Yu
2014 Lecture Notes in Computer Science  
In CNCFS, a TCAM based algorithm named Linking Shared Multi-Match (LSMM) is implemented, which can speed up large scale Multi-Pattern Multi-Matching greatly.  ...  Also, this system can also be used in high speed mobile networks which need to deal with the security of fast handover of mobile users.  ...  Fang Yu [6] proposed a method which could store long-pattern segments into TCAM and approach Gigabit matching speed.  ... 
doi:10.1007/978-3-319-10975-6_20 fatcat:63zk3uwrv5hqtfkg4po7kjxa5e

A TCAM-based solution for integrated traffic anomaly detection and policy filtering

Zhijun Wang, Hao Che, Jiannong Cao, Jingshan Wang
2009 Computer Communications  
The key features of the solution are: (1) setting flag bits in TCAM action code to support various packet treatments; (2) managing TCP flow state in pair to do 2D matching.  ...  The attacking packets with spoofed source IP addresses are detected through two-dimensional (2D) matching.  ...  Hence, it is both technologically and economically important to develop integrated solutions for PF and Content Filtering (CF), matching multi-gigabit line rate or even higher.  ... 
doi:10.1016/j.comcom.2009.07.016 fatcat:tx2ytjoxh5esdluk3rq5uzbmhq

NFA-Based Pattern Matching for Deep Packet Inspection

Yan Sun, Victor C. Valgenti, Min Sik Kim
2011 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN)  
Pattern matching is a major task in deep packet inspection.  ...  In this paper, we propose an efficient NFA-based pattern matching in Binary Content Addressable Memory (BCAM), which uses data search words consisting of 1s and 0s.  ...  use TCAMs to perform pattern matching.  ... 
doi:10.1109/icccn.2011.6006095 dblp:conf/icccn/SunVK11 fatcat:gj5qhrlz6jgvfezewn5fplwugu

One Algorithm to Match Them All: On a Generic NIPS Pattern Matching Algorithm

Yaron Weinsberg, Shimrit Tzur-David, Danny Dolev, Tal Anker
2007 2007 Workshop on High Performance Switching and Routing  
Adapting a software-based pattern matching algorithm to a hardware-based device is a complicated task.  ...  The detection of network attacks utilizes a high-speed pattern matching algorithm that can be implemented in either hardware or software.  ...  This paper presents a novel pattern matching algorithm using FPGA, which enables the NIPS appliance to operate at an aggregate rate of several gigabits per second. II.  ... 
doi:10.1109/hpsr.2007.4281234 fatcat:xoqytjwksngkrhcsoydmt2ogei

Algorithms for advanced packet classification with ternary CAMs

Karthik Lakshminarayanan, Anand Rangarajan, Srinivasan Venkatachary
2005 Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications - SIGCOMM '05  
We describe a novel algorithm, called Multi-match Using Discriminators (MUD), that finds multiple matches without storing any per-search state information in the TCAM, thus making it suitable for multi-threaded  ...  In this paper, we propose algorithms for addressing two important problems that are encountered while using TCAMs: reducing range expansion and multi-match classification.  ...  To compute the guaranteed rate in millions of packets per second (MPPS), we assume a minimum packet size of 64 bytes [1] .  ... 
doi:10.1145/1080091.1080115 dblp:conf/sigcomm/LakshminarayananRV05 fatcat:2ntschivkvcavopt6mxtjau7ua

Algorithms for advanced packet classification with ternary CAMs

Karthik Lakshminarayanan, Anand Rangarajan, Srinivasan Venkatachary
2005 Computer communication review  
We describe a novel algorithm, called Multi-match Using Discriminators (MUD), that finds multiple matches without storing any per-search state information in the TCAM, thus making it suitable for multi-threaded  ...  In this paper, we propose algorithms for addressing two important problems that are encountered while using TCAMs: reducing range expansion and multi-match classification.  ...  To compute the guaranteed rate in millions of packets per second (MPPS), we assume a minimum packet size of 64 bytes [1] .  ... 
doi:10.1145/1090191.1080115 fatcat:5inlkmngtjbjdcgvc2eqpcuqpq

High Speed Pattern Matching for Network IDS/IPS

Mansoor Alicherry, M. Muthuprasanna, Vijay Kumar
2006 Proceedings of the 2006 IEEE International Conference on Network Protocols  
In this paper, we propose a novel multiple string matching algorithm that can process multiple characters at a time thus achieving multi-gigabit rate search speeds.  ...  We additionally propose novel optimizations by making use of the properties of TCAMs to significantly reduce the memory requirements of the proposed algorithm.  ...  We describe a TCAM-based hardware architecture to realistically achieve these higher data rates for virus/worm detection employing signature matching.  ... 
doi:10.1109/icnp.2006.320212 dblp:conf/icnp/AlicherryMK06 fatcat:tbqqy2xjl5hu7drck3ryo2r6ge

Building a Flexible and Scalable Virtual Hardware Data Plane [chapter]

Junjie Liu, Yingke Xie, Gaogang Xie, Layong Luo, Fuxing Zhang, Xiaolong Wu, Qingsong Ning, Hongtao Guan
2012 Lecture Notes in Computer Science  
The data plane uses a 5-stage pipeline design. The procedure of packet processing is unified with TCAM based rule matching and action based packet processing.  ...  And in each VDP instance, the pattern of packet processing can be flexibly configured. Also, it can achieve seamless migration of VDP instance between software and hardware.  ...  The extracted packet information along with the VID is used to match action matching rules in TCAM.  ... 
doi:10.1007/978-3-642-30045-5_16 fatcat:yzbp6yuh5bfjhad337mfte2vwi
Showing results 1 — 15 out of 167 results