Fast 2D filter with low false positive for network packet inspection

Deep packet inspection (DPI) is the main process in network intrusion detection and prevention systems. In DPI, each security threat is represented as a signature, and the payload of every incoming data packet is matched against the set of current signatures. DPI is also used for other networking applications such as packet classification, quality of service techniques, protocol identification and so on. DPI consumes additional central processing unit and memory resources, and as a result several approaches have been proposed to improve this process. In this study, the authors propose a fast two-dimensional (2D) filter with a low false positive (FP) rate for DPI purposes. It consists of a 2D array that employs a single hash function and has a very low FP rate. Using this filter as an identification tool in a DPI technique results in higher accuracy and higher throughput than other systems that employ Bloom filters (BFs) and quotient filters (QFs). The experiments show that the proposed solution has a time improvement of up to 94% over others that employ BFs or QFs, and that the achieved average throughput is 1.8 Gbps.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-net.2017.0055