Title :
A unique-pattern based pre-filtering method for rule matching of network security
Author :
Huang, Nen-Fu ; Hung, Hsien-Wei ; Tsai, Wen-Yen
Author_Institution :
Inst. of Commun. Eng., Nat. Tsing Hua Univ., Hsinchu, Taiwan
Abstract :
As a result of continually changing Internet and applications, more and more advanced features are requested to be available in the appliance for more accurately monitoring and managing the network. Therefore, modern networking appliances are equipped with the DPI (Deep Packet Inspection) technology to scan the payload of a packet. A rule (like Snort rules) may consist of several patterns with certain relationships, such as order, relative positions, and offset, etc. The system performance is usually dominated by not only the pattern matching algorithm but also the rule match processing algorithm. This paper proposes a unique-pattern based pre-filtering method for the rule matching. It is employed to filter out unwanted matches after scanning the packet payload by the pattern matching algorithm. The proposed algorithm is also implemented on different multi-core platforms to demonstrate its efficiency and performance. The experimental results indicate that the throughput is improved significantly and can be increased approximately linearly to the number of CPU cores.
Keywords :
Internet; computer network security; filtering theory; DPI; Internet; Snort rules; deep packet inspection technology; multicore platform; network security; networking appliance; pattern matching; rule matching; unique-pattern based prefiltering; Home appliances; Inspection; Matched filters; Pattern matching; Payloads; Software systems; Deep Packet Inspection; Pre-filtering; Rule Matching;
Conference_Titel :
Communications (APCC), 2012 18th Asia-Pacific Conference on
Conference_Location :
Jeju Island
Print_ISBN :
978-1-4673-4726-6
Electronic_ISBN :
978-1-4673-4727-3
DOI :
10.1109/APCC.2012.6388294
