Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
INFOCOM
2010
IEEE
2010
IEEE
Scalable NIDS via Negative Pattern Matching and Exclusive Pattern Matching
i In this paper, we identify the unique challenges in deploying parallelism on TCAM-based pattern matching for Network Intrusion Detection Systems (NIDSes). We resolve two critical issues when designing scalable parallelism specifically for pattern matching modules: 1) how to enable fine-grained parallelism in pursuit of effective load balancing and desirable speedup simultaneously; and 2) how to reconcile the tension between parallel processing speedup and prohibitive TCAM power consumption. To this end, we first propose the novel concept of Negative Pattern Matching to partition flows, by which the number of TCAM lookups can be significantly reduced, and the resulting (fine-grained) flow segments can be inspected in parallel without incurring false negatives. Then we propose the notion of Exclusive Pattern Matching to divide the entire pattern set into multiple subsets which can later be matched against selectively and independently without affecting the correctness. We show that Ex...
Real-time Traffic| Added | 28 Jan 2011 |
| Updated | 28 Jan 2011 |
| Type | Journal |
| Year | 2010 |
| Where | INFOCOM |
| Authors | Kai Zheng, Xin Zhang, Zhiping Cai, Zhijun Wang, Baohua Yang |
Comments (0)
Researcher Info
|
