Title :
A multi-gigabit rate deep packet inspection algorithm using TCAM
Author :
Sung, Jung-Sik ; Kang, Seok-Min ; Lee, Youngseok ; Kwon, Taeck-Geun ; Kim, Bong-Tae
Author_Institution :
ETRI, Daejeon, South Korea
Abstract :
With the increasing importance of network protection from cyber threats, it is requested to develop a multi-gigabit rate pattern-matching method for protecting against malicious attacks in high-speed network. This paper devises a high-speed deep packet inspection algorithm with TCAM by using an m-byte jumping window pattern-matching scheme. The proposed algorithm significantly reduces the number of TCAM lookups per payload by m times with the marginally enlarged TCAM size which can be implemented by cascading multiple TCAMs. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload. It is shown by simulation that for the Snort rule with 2,247 patterns, our proposed algorithm supports more than 10 Gbps rate with a 9 Mbit TCAM.
Keywords :
Internet; storage allocation; telecommunication security; Snort rule; cyber threats; m-byte jumping window pattern-matching scheme; multigigabit rate deep packet inspection algorithm; network protection; ternary contents addressable memory; Computer crime; Computer viruses; Data security; Explosives; High-speed networks; Inspection; Internet; Intrusion detection; Payloads; Protection;
Conference_Titel :
Global Telecommunications Conference, 2005. GLOBECOM '05. IEEE
Conference_Location :
St. Louis, MO
Print_ISBN :
0-7803-9414-3
DOI :
10.1109/GLOCOM.2005.1577667
