
Fast 2D filter with low false positive for network packet inspection

Deep packet inspection (DPI) is the major process in network intrusion detection and prevention systems. In DPI, each security threat is represented as a signature, and the payload of every incoming data packet is matched against the set of current signatures. DPI is also used for other networking applications such as packet classification, quality of service techniques, protocol identification and so on. DPI consumes extra central processing unit and memory resources, and as a result, several approaches have been proposed to improve this process. In this study, the authors propose a fast two-dimensional (2D) filter with a low false positive (FP) rate for DPI purposes. It consists of a 2D array that employs a single hash function and has a very low FP rate. Using this filter as an identification tool in a DPI technique results in higher accuracy and higher throughput than other systems that employ Bloom filters (BFs) and quotient filters (QFs). Our experiments show that the proposed solution achieves a time improvement of up to 94% over others that employ BFs or QFs, and the achieved average throughput is 1.8 Gbps.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-net.2017.0055