Abstract:
Recent advances in network packet processing focus on payload inspection for applications that include content-based billing, layer-7 switching and Internet security. Most of the applications in this family need to search for predefined signatures in the packet payload. Hence an important building block of these processors is string-matching infrastructure. Since conventional software-based algorithms for string matching have not kept pace with high network speeds, specialized high-speed, hardware-based solutions are needed. We describe a technique based on Bloom filters for detecting predefined signatures (strings of bytes) in the packet payload. A Bloom filter is a data structure that represents a set of strings in order to support membership queries. We use hardware Bloom filters to isolate all packets that potentially contain predefined signatures. A separate, independent process then eliminates the false positives produced by the Bloom filters.
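The two-stage design described in the abstract, sketched in software as an added example (not code from the paper): Bloom filters flag payload windows that may hold a signature, and an exact check then discards the false positives. Assumptions of this sketch: one filter per signature length, salted BLAKE2b standing in for the hardware hash functions, illustrative filter sizes, and constructed sample signatures and payload.

```python
import hashlib

class BloomFilter:
    """m-bit vector, k hashes: no false negatives, occasional false positives."""
    def __init__(self, m_bits, k):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        # Salted BLAKE2b stands in for the k hardware hash functions (assumption).
        for i in range(self.k):
            d = hashlib.blake2b(item, digest_size=8, salt=bytes([i])).digest()
            yield int.from_bytes(d, "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] >> (p & 7) & 1 for p in self._positions(item))

class SignatureScanner:
    def __init__(self, signatures, m_bits=1024, k=4):
        self.exact = set(signatures)   # ground truth used by the verifier stage
        self.filters = {}              # signature length -> BloomFilter
        for s in self.exact:
            self.filters.setdefault(len(s), BloomFilter(m_bits, k)).add(s)

    def candidates(self, payload):
        """Stage 1: every (offset, window) that some Bloom filter flags."""
        return [(i, payload[i:i + n])
                for n, bf in self.filters.items()
                for i in range(len(payload) - n + 1)
                if payload[i:i + n] in bf]

    def scan(self, payload):
        """Stage 2: exact comparison discards the Bloom false positives."""
        return sorted(c for c in self.candidates(payload) if c[1] in self.exact)

# Constructed sample data, not real signatures or traffic.
SIGNATURES = [b"BADBYTES", b"EVIL_SIG", b"XYZZY"]
PAYLOAD = b"GET /index.html?q=BADBYTES&x=EVIL_SIG HTTP/1.1"

if __name__ == "__main__":
    tiny = SignatureScanner(SIGNATURES, m_bits=16, k=1)  # undersized on purpose
    print(len(tiny.candidates(PAYLOAD)), "flagged ->", tiny.scan(PAYLOAD))
```

Shrinking `m_bits` raises the number of windows stage 1 flags, but the verified result from `scan` stays the same, which is the property the second process provides.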
Sarang Dharmapurikar is a PhD student in the Department of Computer Science and Engineering, Washington University in St. Louis. His research interests include various aspects of high-speed networking system design, including packet classification and for