Go to ICOIN 2008 homepageA High Performance and Scalable Packet Pattern-Matching Architecture
Abstract: Pattern-matching is often used in network security mechanisms, which detect the predefined signature strings or keywords starting at an arbitrary location in the payload. Such mechanisms require the network to inspect the packet payload at line rates to filter the worms or virus. These signature sets are large and some signature can be as long as more than 2000 byte. This paper propose a high performance and scalable packet pattern-matching architecture. Bloom filter engines are used in front-end for membership query which can achieve high performance, and an lookup table is used in back-end to performance deterministic string-matching. In order to solve the scalability problem in using Bloom filter to detect long pattern, prefix register heap is used to keep the intermediate status. The architecture can achieve gigabytes throughput with large pattern set and long patterns. A great saving in hardware resource also proves that the architecture is very scalable.
0 Replies
Loading