Performance Evaluation of a Probabilistic Packet Filter Optimization Algorithm for High-Speed Network Monitoring

Because of the ever-increasing popularity of the Internet, network monitoring becomes very mission critical to guarantee the operation of IP networks, e.g. to detect network failures and stop intrusion attempts. A majority of these monitoring tasks require only a small subset of all passing packets, which share some common properties such as identical header fields or similar patterns in their data. Nowadays, next to the increasing network speed, much of these tasks become very complex. In order to capture only the useful packets, these applications need to evaluate a large set of expressions. In this paper, we present a platform independent filter and pattern matcher optimization algorithm, which reduces the required number of evaluated expressions. The performance of the algorithm will be validated both analytically and by means of a high-speed monitoring system.