• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.41-49
• /
• 2012

Wireless network support and extended mobile network environment with exponential growth of smart phone users allow us to utilize the network anytime or anywhere. Malicious attacks such as distributed DOS, internet worm, e-mail virus and so on through high-speed networks increase and the number of patterns is dramatically increasing accordingly by increasing network traffic due to this internet technology development. To detect the patterns in intrusion detection systems, an existing research proposed an efficient algorithm called the jumping window algorithm and analyzed approximately 2,000 patterns in Snort 2.1.0, the most famous intrusion detection system. using the algorithm. However, it is inappropriate from the number of TCAM lookups and TCAM memory efficiency to use the result proposed in the research in current environment (Snort 2.9.0) that has longer patterns and a lot of patterns because the jumping window algorithm is affected by the number of patterns and pattern length. In this paper, we simulate the number of TCAM lookups and the required TCAM size in the jumping window with approximately 8,100 patterns from Snort-2.9.0 rules, and then analyse the simulation result. While Snort 2.1.0 requires 16-byte window and 9Mb TCAM size to show the most effective performance as proposed in the previous research, in this paper we suggest 16-byte window and 4 18Mb-TCAMs which are cascaded in Snort 2.9.0 environment.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.12
• /
• pp.3150-3158
• /
• 1997

In the ATM networks, there are two method in traffic control as schemes to improve the quality of service; one is the reactive control after congestion and the other is the preventive control before congestion. The preventive control include the CAC(Connection Admission Control), the UPC(Usage Parameter Control), the NPC(Network Parameter Control) and the PC(Priority co ntrol). In this paper, we propose an efficient UPC algorithm that has a complex structure using the Jumping window algorithm within the Leaky Bucket algorithm. The proposed algorithm controls peak hit rate by the Leaky Bucket algorithm, then it does the traffic control to evaluate by the Jumping Window whether violates mean bit rate or not. As we assume On/Off traffic source model, our simulation results showed cell loss rate less than the pre-existential Leaky Bucket algorithm method, and it could decrease the demanded Bucket size.

• The KIPS Transactions:PartC
• /
• v.12C no.4 s.100
• /
• pp.503-510
• /
• 2005

With the increasing importance of network protection from cyber threats, it is requested to develop a multi-gigabit rate pattern matching method for protecting against malicious attacks in high-speed network. This paper devises a high-speed pattern matching algorithm with TCAM by using an m-byte jumping window pattern matching scheme. The proposed algorithm significantly reduces the number of TCAM lookups per payload by m times with the marginally enlarged TCAM size which can be implemented by cascading multiple TCAMs. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload. It is shown by simulation that for the Snort nile with 2,247 patterns, our proposed algorithm supports more than 10 Gbps rate with a 9Mbit TCAM.