Name
Abstract | ||
|---|---|---|
This article presents a novel mechanism to perform packet content inspection by longest prefix matching (LPM) technology. It is done by transforming the automaton-based state table lookup problem into the famous LPM table lookup problem. Two key features, symbol-wise prefix and magic state are observed on the state table to make it possible to utilize IP lookup techniques for string matching. The proposed mechanism is verified to be effective through Lulea algorithm. Also, the practicability is evaluated by employing realistic attack signatures and traffic traces. The experimental results indicate that a state table constructed from the Snort 2.4 patterns can be converted into a prefix table that requires only 2.5% of the memory utilized in the original state table. Compared with the state-of-the-art researches, the proposed scheme has more than 3 times of efficiency, achieving a better balance between required memory size and throughput rate. |
Year | DOI | Venue |
|---|---|---|
2007 | 10.1109/GLOCOM.2007.10 | GLOBECOM |
Keywords | Field | DocType |
automata theory,ip networks,network traffic,string matching,symbol-wise prefix,ip lookup technique,magic state,packet content inspection,digital signatures,telecommunication security,telecommunication traffic,automaton-based state table lookup problem,realistic attack signature,table lookup,longest prefix matching,indexing terms | Throughput (business),String searching algorithm,State transition table,Deep content inspection,Computer science,Automaton,Network packet,Algorithm,Computer network,Prefix,Longest prefix match | Conference |
ISSN | ISBN | Citations |
1930-529X | 978-1-4244-1043-9 | 1 |
PageRank | References | Authors |
0.38 | 16 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Nen-Fu Huang | 1 | 620 | 72.93 |
| Yen-Ming Chu | 2 | 70 | 8.06 |
| Yen-min Wu | 3 | 4 | 1.53 |
| Chia-wen Ho | 4 | 13 | 1.01 |