Paper Info
Title
A unique-pattern based pre-filtering method for rule matching of network security
Abstract
As a result of continually changing Internet and applications, more and more advanced features are requested to be available in the appliance for more accurately monitoring and managing the network. Therefore, modern networking appliances are equipped with the DPI (Deep Packet Inspection) technology to scan the payload of a packet. A rule (like Snort rules) may consist of several patterns with certain relationships, such as order, relative positions, and offset, etc. The system performance is usually dominated by not only the pattern matching algorithm but also the rule match processing algorithm. This paper proposes a unique-pattern based pre-filtering method for the rule matching. It is employed to filter out unwanted matches after scanning the packet payload by the pattern matching algorithm. The proposed algorithm is also implemented on different multi-core platforms to demonstrate its efficiency and performance. The experimental results indicate that the throughput is improved significantly and can be increased approximately linearly to the number of CPU cores.
Year
DOI
Venue
2012
10.1109/APCC.2012.6388294
APCC
Keywords
Field
DocType
internet,computer network security,filtering theory,dpi,snort rules,deep packet inspection technology,multicore platform,network security,networking appliance,pattern matching,rule matching,unique-pattern based prefiltering,deep packet inspection,pre-filtering
String searching algorithm,Deep packet inspection,Deep content inspection,Computer science,Network security,Network packet,Filter (signal processing),Computer network,Real-time computing,Throughput,Payload
Conference
ISSN
ISBN
Citations 
2163-0771
978-1-4673-4727-3
2
PageRank 
References 
Authors
0.37
8
3
Name
Order
Citations
PageRank
Nen-Fu Huang162072.93
Hsien-Wei Hung2344.42
Wen-Yen Tsai3353.43