Sciweavers

GLOBECOM
2007
IEEE

Performing Packet Content Inspection by Longest Prefix Matching Technology

14 years 5 months ago
Performing Packet Content Inspection by Longest Prefix Matching Technology
—This article presents a novel mechanism to perform packet content inspection by longest prefix matching (LPM) technology. It is done by transforming the automaton-based state table lookup problem into the famous LPM table lookup problem. Two key features, symbol-wise prefix and magic state are observed on the state table to make it possible to utilize IP lookup techniques for string matching. The proposed mechanism is verified to be effective through Lulea algorithm. Also, the practicability is evaluated by employing realistic attack signatures and traffic traces. The experimental results indicate that a state table constructed from the Snort 2.4 patterns can be converted into a prefix table that requires only 2.5% of the memory utilized in the original state table. Compared with the state-of-the-art researches, the proposed scheme has more than 3 times of efficiency, achieving a better balance between required memory size and throughput rate.
Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu, Chia-Wen H
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where GLOBECOM
Authors Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu, Chia-Wen Ho
Comments (0)