Hybrid memory-efficient multimatch packet classification for NIDS
Network applications such as network intrusion detection systems (NIDSs) require multimatch packet classification, where all matched results need to be reported. Most researchers have adopted a TCAM-based architecture to enhance system performance, but TCAM consumes high amounts of power and require...
Gespeichert in:
| Veröffentlicht in: | Microprocessors and microsystems 2015-03, Vol.39 (2), p.113-121 |
|---|---|
| Hauptverfasser: | , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 121 |
|---|---|
| container_issue | 2 |
| container_start_page | 113 |
| container_title | Microprocessors and microsystems |
| container_volume | 39 |
| creator | Lee, KyuHee Yun, SangKyun |
| description | Network applications such as network intrusion detection systems (NIDSs) require multimatch packet classification, where all matched results need to be reported. Most researchers have adopted a TCAM-based architecture to enhance system performance, but TCAM consumes high amounts of power and requires a lot of memory resources. In this paper, we analyze the characteristics of the Snort rule set, and propose an memory-efficient multimatch packet classification architecture for NIDS using the result of analysis. The proposed hybrid architecture uses hash-based matching for searching single port numbers and k-ary tree matching for searching range port numbers and is synthesized on Altera Stratix IV FPGA. Compared with previous TCAM-based architectures, our design achieves over four times improvement in memory requirement and power consumption. Our architecture sustains 16.8–67.4Gbps throughput for minimum size (40bytes) packets. |
| doi_str_mv | 10.1016/j.micpro.2015.02.001 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1770275195</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0141933115000113</els_id><sourcerecordid>1770275195</sourcerecordid><originalsourceid>FETCH-LOGICAL-c339t-d33b6f95e27f391cfe526e94619baf0014e0dc899509786ba16e8cb9e460f7363</originalsourceid><addsrcrecordid>eNp9kD9PwzAUxC0EEqXwDRgysiQ824kTL0hV-VepggGYLcd5Fi5JU2wXqd8eV2FmesO7O939CLmmUFCg4nZTDM7s_FgwoFUBrACgJ2RGm5rlsuTilMyAljSXnNNzchHCBgAqEGxGFs-H1rsuG3AY_SFHa51xuI3ZsO-jG3Q0n9lOmy-Mmel1CC79dXTjNrOjz15W92-X5MzqPuDV352Tj8eH9-Vzvn59Wi0X69xwLmPecd4KKytkteWSGosVEyhLQWWrbSpcInSmkbICWTei1VRgY1qJpQBbc8Hn5GbKTUO_9xiiGlww2Pd6i-M-KFrXwOqKyipJy0lq_BiCR6t2Pm3xB0VBHYmpjZqIqSMxBUylAsl2N9kwzfhx6FU4sjDYOY8mqm50_wf8AnmadfA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1770275195</pqid></control><display><type>article</type><title>Hybrid memory-efficient multimatch packet classification for NIDS</title><source>ScienceDirect Journals (5 years ago - present)</source><creator>Lee, KyuHee ; Yun, SangKyun</creator><creatorcontrib>Lee, KyuHee ; Yun, SangKyun</creatorcontrib><description>Network applications such as network intrusion detection systems (NIDSs) require multimatch packet classification, where all matched results need to be reported. Most researchers have adopted a TCAM-based architecture to enhance system performance, but TCAM consumes high amounts of power and requires a lot of memory resources. In this paper, we analyze the characteristics of the Snort rule set, and propose an memory-efficient multimatch packet classification architecture for NIDS using the result of analysis. The proposed hybrid architecture uses hash-based matching for searching single port numbers and k-ary tree matching for searching range port numbers and is synthesized on Altera Stratix IV FPGA. Compared with previous TCAM-based architectures, our design achieves over four times improvement in memory requirement and power consumption. Our architecture sustains 16.8–67.4Gbps throughput for minimum size (40bytes) packets.</description><identifier>ISSN: 0141-9331</identifier><identifier>EISSN: 1872-9436</identifier><identifier>DOI: 10.1016/j.micpro.2015.02.001</identifier><language>eng</language><publisher>Elsevier B.V</publisher><subject>Architecture ; Classification ; FPGA ; Intrusion ; Matching ; Multimatch classification ; Networks ; NIDS ; Packet classification ; Ports ; Power consumption ; Range search ; Searching</subject><ispartof>Microprocessors and microsystems, 2015-03, Vol.39 (2), p.113-121</ispartof><rights>2015 Elsevier B.V.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c339t-d33b6f95e27f391cfe526e94619baf0014e0dc899509786ba16e8cb9e460f7363</citedby><cites>FETCH-LOGICAL-c339t-d33b6f95e27f391cfe526e94619baf0014e0dc899509786ba16e8cb9e460f7363</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.micpro.2015.02.001$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,780,784,3548,27923,27924,45994</link.rule.ids></links><search><creatorcontrib>Lee, KyuHee</creatorcontrib><creatorcontrib>Yun, SangKyun</creatorcontrib><title>Hybrid memory-efficient multimatch packet classification for NIDS</title><title>Microprocessors and microsystems</title><description>Network applications such as network intrusion detection systems (NIDSs) require multimatch packet classification, where all matched results need to be reported. Most researchers have adopted a TCAM-based architecture to enhance system performance, but TCAM consumes high amounts of power and requires a lot of memory resources. In this paper, we analyze the characteristics of the Snort rule set, and propose an memory-efficient multimatch packet classification architecture for NIDS using the result of analysis. The proposed hybrid architecture uses hash-based matching for searching single port numbers and k-ary tree matching for searching range port numbers and is synthesized on Altera Stratix IV FPGA. Compared with previous TCAM-based architectures, our design achieves over four times improvement in memory requirement and power consumption. Our architecture sustains 16.8–67.4Gbps throughput for minimum size (40bytes) packets.</description><subject>Architecture</subject><subject>Classification</subject><subject>FPGA</subject><subject>Intrusion</subject><subject>Matching</subject><subject>Multimatch classification</subject><subject>Networks</subject><subject>NIDS</subject><subject>Packet classification</subject><subject>Ports</subject><subject>Power consumption</subject><subject>Range search</subject><subject>Searching</subject><issn>0141-9331</issn><issn>1872-9436</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><recordid>eNp9kD9PwzAUxC0EEqXwDRgysiQ824kTL0hV-VepggGYLcd5Fi5JU2wXqd8eV2FmesO7O939CLmmUFCg4nZTDM7s_FgwoFUBrACgJ2RGm5rlsuTilMyAljSXnNNzchHCBgAqEGxGFs-H1rsuG3AY_SFHa51xuI3ZsO-jG3Q0n9lOmy-Mmel1CC79dXTjNrOjz15W92-X5MzqPuDV352Tj8eH9-Vzvn59Wi0X69xwLmPecd4KKytkteWSGosVEyhLQWWrbSpcInSmkbICWTei1VRgY1qJpQBbc8Hn5GbKTUO_9xiiGlww2Pd6i-M-KFrXwOqKyipJy0lq_BiCR6t2Pm3xB0VBHYmpjZqIqSMxBUylAsl2N9kwzfhx6FU4sjDYOY8mqm50_wf8AnmadfA</recordid><startdate>20150301</startdate><enddate>20150301</enddate><creator>Lee, KyuHee</creator><creator>Yun, SangKyun</creator><general>Elsevier B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>F28</scope><scope>FR3</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20150301</creationdate><title>Hybrid memory-efficient multimatch packet classification for NIDS</title><author>Lee, KyuHee ; Yun, SangKyun</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c339t-d33b6f95e27f391cfe526e94619baf0014e0dc899509786ba16e8cb9e460f7363</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Architecture</topic><topic>Classification</topic><topic>FPGA</topic><topic>Intrusion</topic><topic>Matching</topic><topic>Multimatch classification</topic><topic>Networks</topic><topic>NIDS</topic><topic>Packet classification</topic><topic>Ports</topic><topic>Power consumption</topic><topic>Range search</topic><topic>Searching</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Lee, KyuHee</creatorcontrib><creatorcontrib>Yun, SangKyun</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ANTE: Abstracts in New Technology & Engineering</collection><collection>Engineering Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Microprocessors and microsystems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Lee, KyuHee</au><au>Yun, SangKyun</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Hybrid memory-efficient multimatch packet classification for NIDS</atitle><jtitle>Microprocessors and microsystems</jtitle><date>2015-03-01</date><risdate>2015</risdate><volume>39</volume><issue>2</issue><spage>113</spage><epage>121</epage><pages>113-121</pages><issn>0141-9331</issn><eissn>1872-9436</eissn><abstract>Network applications such as network intrusion detection systems (NIDSs) require multimatch packet classification, where all matched results need to be reported. Most researchers have adopted a TCAM-based architecture to enhance system performance, but TCAM consumes high amounts of power and requires a lot of memory resources. In this paper, we analyze the characteristics of the Snort rule set, and propose an memory-efficient multimatch packet classification architecture for NIDS using the result of analysis. The proposed hybrid architecture uses hash-based matching for searching single port numbers and k-ary tree matching for searching range port numbers and is synthesized on Altera Stratix IV FPGA. Compared with previous TCAM-based architectures, our design achieves over four times improvement in memory requirement and power consumption. Our architecture sustains 16.8–67.4Gbps throughput for minimum size (40bytes) packets.</abstract><pub>Elsevier B.V</pub><doi>10.1016/j.micpro.2015.02.001</doi><tpages>9</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0141-9331 |
| ispartof | Microprocessors and microsystems, 2015-03, Vol.39 (2), p.113-121 |
| issn | 0141-9331 1872-9436 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1770275195 |
| source | ScienceDirect Journals (5 years ago - present) |
| subjects | Architecture Classification FPGA Intrusion Matching Multimatch classification Networks NIDS Packet classification Ports Power consumption Range search Searching |
| title | Hybrid memory-efficient multimatch packet classification for NIDS |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-11T03%3A51%3A58IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Hybrid%20memory-efficient%20multimatch%20packet%20classification%20for%20NIDS&rft.jtitle=Microprocessors%20and%20microsystems&rft.au=Lee,%20KyuHee&rft.date=2015-03-01&rft.volume=39&rft.issue=2&rft.spage=113&rft.epage=121&rft.pages=113-121&rft.issn=0141-9331&rft.eissn=1872-9436&rft_id=info:doi/10.1016/j.micpro.2015.02.001&rft_dat=%3Cproquest_cross%3E1770275195%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1770275195&rft_id=info:pmid/&rft_els_id=S0141933115000113&rfr_iscdi=true |