Sciweavers

Share
INFOCOM
2007
IEEE

TriBiCa: Trie Bitmap Content Analyzer for High-Speed Network Intrusion Detection

9 years 10 months ago
TriBiCa: Trie Bitmap Content Analyzer for High-Speed Network Intrusion Detection
Abstract—Deep packet inspection (DPI) is often used in network intrusion detection and prevention systems (NIDPS), where incoming packet payloads are compared against known attack signatures. Processing every single byte in the incoming packet payload has a very stringent time constraint, e.g., 200 ps for a 40-Gbps line. Traditional DPI systems either need a large memory space or use special memory such as ternary content addressable memory (TCAM), limiting parallelism, or yielding high cost/power consumption. In this paper, we present a highspeed, single-chip DPI scheme that is scalable and configurable through memory updates. The scheme is based on a novel data structure called TriBiCa (Trie Bitmap Content Analyzer), which provides minimal perfect hashing functionality. It uses a trie structure with a hash function performed at each layer. Branching is determined by the hashing results with an objective to evenly partition attack signatures into multiple groups at each layer. Duri...
N. Sertac Artan, H. Jonathan Chao
Added 03 Jun 2010
Updated 03 Jun 2010
Type Conference
Year 2007
Where INFOCOM
Authors N. Sertac Artan, H. Jonathan Chao
Comments (0)
books