Scalable Packet Classification for Network Intrusion Detection

P.-C. Wang and C.-M. Chang (Taiwan)


Packet classification, firewalls, and forwarding.


Network intrusion detection systems, which protect high-speed networks, demand both high throughput and scalability to handle new threats. In this paper, we propose a scalable multimatch packet classification algorithm for network intrusion detection that handles the potentially growing filter sets resulting from new threats. The algorithm builds on the earlier idea of categorizing filters by their distinct length combinations and mapping each combination to one hash table. The classification procedure consists of d one-dimensional lookups and T hash accesses. We adopt ternary content addressable memory (TCAM) to accomplish the one-dimensional lookups. Compared with existing schemes, the proposed scheme offers a better trade-off between speed and storage performance.
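As an added illustration (not the paper's code), the Python sketch below shows the length-combination idea from the abstract: filters are grouped by their per-field prefix-length tuple, each group gets one hash table, and a packet is classified by d one-dimensional lookups (simulated in software here instead of TCAM) followed by one hash probe per candidate combination, returning every matching filter. The constructed filter set, d = 2, and the use of the lookup results to skip combinations that cannot match are assumptions of the example, not details taken from the paper.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed example filter set over d = 2 header fields (source, destination prefixes).
RULES = [
    ("r1", ("10.0.0.0/8", "0.0.0.0/0")),
    ("r2", ("10.1.0.0/16", "192.168.1.0/24")),
    ("r3", ("0.0.0.0/0", "192.168.1.7/32")),
    ("r4", ("10.0.0.0/8", "192.168.1.0/24")),   # same length combination as r2
    ("r5", ("172.16.0.0/12", "0.0.0.0/0")),
]

def masked(value, plen):
    """Keep the top plen bits of a 32-bit field (plen == 0 matches everything)."""
    return (value >> (32 - plen)) if plen else 0

def build(rules):
    """One hash table per distinct length combination, plus per-field prefix sets
    that stand in for the TCAM one-dimensional lookups (assumption: simulated)."""
    tables = defaultdict(lambda: defaultdict(list))   # combo -> {masked key: rule ids}
    field_prefixes = [set(), set()]                   # (plen, masked prefix) per field
    for rid, prefixes in rules:
        nets = [ip_network(p) for p in prefixes]
        combo = tuple(n.prefixlen for n in nets)
        key = tuple(masked(int(n.network_address), n.prefixlen) for n in nets)
        tables[combo][key].append(rid)
        for i, n in enumerate(nets):
            field_prefixes[i].add((n.prefixlen, key[i]))
    return tables, field_prefixes

def one_dim_lookup(field_prefixes, value):
    """Return every prefix length under which some filter prefix covers this value."""
    return {plen for plen, pfx in field_prefixes if masked(value, plen) == pfx}

def classify(tables, field_prefixes, src, dst):
    """Multimatch: return all matching rule ids and the number of hash accesses T."""
    values = [int(ip_address(src)), int(ip_address(dst))]
    lengths = [one_dim_lookup(field_prefixes[i], values[i]) for i in range(2)]
    matches, probes = [], 0
    for combo, table in tables.items():
        # Skip a combination if some field has no filter prefix of that length covering it.
        if not all(combo[i] in lengths[i] for i in range(2)):
            continue
        probes += 1
        key = tuple(masked(values[i], combo[i]) for i in range(2))
        matches.extend(table.get(key, []))
    return sorted(matches), probes
```

With the constructed rules, a 10.1.2.3 -> 192.168.1.7 packet probes four of the five tables and matches r1 through r4, while 172.16.5.5 -> 8.8.8.8 needs a single probe and matches only r5.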

