High Performance and High Scalable Packet Classification Algorithm for Network Security Systems

Packet classification is a core function in network and security systems; hence, hardware-based solutions, such as packet classification accelerator chips or Ternary Content Addressable Memory (T-CAM), have been widely adopted for high-performance systems. With the rapid improvement of general hardw...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE transactions on dependable and secure computing Ročník 14; číslo 1; s. 37 - 49
Hlavní autoři: Pak, Wooguil, Choi, Young-June
Médium: Journal Article
Jazyk:angličtina
Vydáno: Washington IEEE 01.01.2017
IEEE Computer Society
Témata:
Algorithms
Associative memory
Asynchronous transfer mode
Benchmarks
Buildings
cache-aware table structure
Classification
Classification algorithms
Cybersecurity
Decision trees
Hardware
Heuristic algorithms
integrated inter- and intra-table search
Microprocessors
Network security
Network switching
Packet classification
Packet switched networks
partitioning
Partitioning algorithms
Scalability
Security
Security systems
Software
Software engineering
Studies
System effectiveness
Tables
ISSN:1545-5971, 1941-0018
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Packet classification is a core function in network and security systems; hence, hardware-based solutions, such as packet classification accelerator chips or Ternary Content Addressable Memory (T-CAM), have been widely adopted for high-performance systems. With the rapid improvement of general hardware architectures and growing popularity of multi-core multi-threaded processors, software-based packet classification algorithms are attracting considerable attention, owing to their high flexibility in satisfying various industrial requirements for security and network systems. For high classification speed, these algorithms internally use large tables, whose size increases exponentially with the ruleset size; consequently, they cannot be used with a large rulesets. To overcome this problem, we propose a new software-based packet classification algorithm that simultaneously supports high scalability and fast classification performance by merging partition decision trees in a search table. While most partitioning-based packet classification algorithms show good scalability at the cost of low classification speed, our algorithm shows very high classification speed, irrespective of the number of rules, with small tables and short table building time. Our test results confirm that the proposed algorithm enables network and security systems to support heavy traffic in the most effective manner.
Bibliografie:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ObjectType-Article-1
ObjectType-Feature-2
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2015.2443773