http://dx.doi.org/10.3745/KIPSTC.2005.12C.4.503

High-Speed Pattern Matching Algorithm using TCAM  

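Sung Jungsik (Electronics and Telecommunications Research Institute, Optical Communications Research Center)
Kang Seok-Min (Chungnam National University, Department of Computer Engineering)
Lee Youngseok (Chungnam National University, Department of Computer Engineering)
Kwon Taeck-Geun (Chungnam National University, Department of Computer Engineering)
Kim Bongtae (Electronics and Telecommunications Research Institute, Optical Communications Research Center)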
Abstract
With the increasing importance of protecting networks from cyber threats, a multi-gigabit-rate pattern matching method is needed to defend against malicious attacks in high-speed networks. This paper devises a high-speed pattern matching algorithm with TCAM by using an m-byte jumping window pattern matching scheme. The proposed algorithm significantly reduces the number of TCAM lookups per payload, by a factor of m, at the cost of a marginally enlarged TCAM size, which can be implemented by cascading multiple TCAMs. Because of the reduced number of TCAM lookups, a multi-gigabit rate for scanning the packet payload is easily achieved. Simulation shows that for the Snort rule set with 2,247 patterns, the proposed algorithm supports more than 10 Gbps with a 9 Mbit TCAM.
Keywords
TCAM; Pattern Matching; DPI; Intrusion Detection; NP; Snort
Citations & Related Records
Times Cited By KSCI: 1