Title :
Exploiting temporal locality in network traffic using commodity multi-cores
Author :
Shenoy, Govind Sreekar ; Tubella, Jordi ; González, Antonio
Author_Institution :
Dept. of Comput. Archit., Univ. Politec. de Catalunya, Barcelona, Spain
Abstract :
Network traffic has traditionally exhibited temporal locality in the header field of packets. Such locality is intuitive and is very well studied over the years. In this work we study temporal locality in the packet payload. Temporal locality can also be viewed as redundancy and we observe significant redundancy in the packet payload. We investigate mechanisms to exploit temporal locality in a networking application and choose Intrusion Detection Systems (IDS) as a case study. An IDS like the popular Snort [4] operates by scanning packet payload for known attack strings. It first builds a Finite State Machine (FSM) from a database of attack strings, and traverses this FSM using bytes from the packet payload. So we propose a redundancy-aware FSM traversal that skips the processing of redundant bytes. We have deployed our redundancy-aware FSM traversal in Snort, and we observe important performance benefits.
Keywords :
computer network security; finite state machines; string matching; Snort; attack string; commodity multicore; finite state machine; intrusion detection systems; network traffic; networking application; packet header field; packet payload redundancy; packet payload scanning; pattern matching; redundancy-aware FSM traversal; redundant bytes; temporal locality; Acceleration; Automata; Clocks; Instruction sets; Intrusion detection; Payloads; Redundancy;
Conference_Titel :
Performance Analysis of Systems and Software (ISPASS), 2012 IEEE International Symposium on
Conference_Location :
New Brunswick, NJ
Print_ISBN :
978-1-4673-1143-4
Electronic_ISBN :
978-1-4673-1145-8
DOI :
10.1109/ISPASS.2012.6189211
