{"title":"Efficient packet matching for gigabit network intrusion detection using TCAMs","authors":"Ming Gao, Kenong Zhang, Jiahua Lu","doi":"10.1109/AINA.2006.164","DOIUrl":null,"url":null,"abstract":"Ternary content-addressable memories (TCAMs) have gained wide acceptance in the industry for storing and searching patterns in routers. But two important problems block the way to deploy TCAMs as deep package matching engines for network intrusion detection systems (NIDS): long patterns matching and range patterns matching. A novel high speed long patterns matching architecture using cascade TCAMs for large signature set based NIDS is presented in this paper. Systems to handle tens of thousands of signatures with thousands of bytes length each can be built on such architecture. A novel efficient header rules matching system is proposed in this paper. This scheme offloads the range matching task to efficient specialized comparing engines in FPGAs so that it solves the range matching problem with high throughput performance, about 250 million packets per second (Mpps) theoretically.","PeriodicalId":185969,"journal":{"name":"20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"37","resultStr":"{\"title\":\"Efficient packet matching for gigabit network intrusion detection using TCAMs\",\"authors\":\"Ming Gao, Kenong Zhang, Jiahua Lu\",\"doi\":\"10.1109/AINA.2006.164\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Ternary content-addressable memories (TCAMs) have gained wide acceptance in the industry for storing and searching patterns in routers. But two important problems block the way to deploy TCAMs as deep package matching engines for network intrusion detection systems (NIDS): long patterns matching and range patterns matching. A novel high speed long patterns matching architecture using cascade TCAMs for large signature set based NIDS is presented in this paper. Systems to handle tens of thousands of signatures with thousands of bytes length each can be built on such architecture. A novel efficient header rules matching system is proposed in this paper. This scheme offloads the range matching task to efficient specialized comparing engines in FPGAs so that it solves the range matching problem with high throughput performance, about 250 million packets per second (Mpps) theoretically.\",\"PeriodicalId\":185969,\"journal\":{\"name\":\"20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)\",\"volume\":\"17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-04-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"37\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AINA.2006.164\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AINA.2006.164","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Efficient packet matching for gigabit network intrusion detection using TCAMs
Ternary content-addressable memories (TCAMs) have gained wide acceptance in the industry for storing and searching patterns in routers. But two important problems block the way to deploy TCAMs as deep package matching engines for network intrusion detection systems (NIDS): long patterns matching and range patterns matching. A novel high speed long patterns matching architecture using cascade TCAMs for large signature set based NIDS is presented in this paper. Systems to handle tens of thousands of signatures with thousands of bytes length each can be built on such architecture. A novel efficient header rules matching system is proposed in this paper. This scheme offloads the range matching task to efficient specialized comparing engines in FPGAs so that it solves the range matching problem with high throughput performance, about 250 million packets per second (Mpps) theoretically.