Memory Optimized Dual Port TCAM for Intrusion Detection
Author
Abstract
Among the different hardware approaches to intrusion detection, memory-based architecture has attracted a lot of attention because of its easy reconfigurability and scalability. To accommodate the increasing number of attack patterns and meet the throughput requirement of networks, a successful network intrusion detection system must have a memory-efficient pattern-matching algorithm and hardware design. In an efficient pattern-matching algorithm for memory architecture, a state traversal algorithm was used to significantly reduce the memory requirement. In this paper, an adaptively dividable dual-port TCAM is proposed to further reduce the memory requirement, by which we can achieve a high-throughput, low-power, and low-cost pattern detection processor for mobile devices. The proposed dual-port TCAM is realized with the dual-port AND-type match-line scheme, which is composed of dual-port dynamic AND gates. The dual-port designs reduce power consumption and increase storage efficiency due to shared storage spaces. The method readily generalizes to higher-dimensional pattern matching problems.
Similar resources
A New TCAM Architecture for Managing ACL in Routers
Ternary Content Addressable Memory (TCAM) is a special type of memory used in routers to achieve high-speed packet forwarding and classification. Packet forwarding is done by referring to the rules written in the routing table, whereas packet classification is performed by referring to the rules in the Access Control List (ACL). TCAM uses more transistors than Random Access Memory (RAM), result...
Bidirectional Range Extension for TCAM-Based Packet Classification
Packet classification is a fundamental task for network devices such as edge routers, firewalls, and intrusion detection systems. Currently, most vendors use Ternary Content Addressable Memories (TCAMs) to achieve high-performance packet classification. TCAMs use parallel hardware to check all rules simultaneously. Despite their high speed, TCAMs have a problem in dealing with ranges efficientl...
A Fast Pattern-Matching Algorithm for Network Intrusion Detection System
We present a multi-gigabit rate multiple pattern-matching algorithm with TCAM that enables protecting against malicious attacks in a high-speed network. The proposed algorithm significantly reduces the number of TCAM lookups per payload with m-byte jumping window scheme. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload in order ...
A Finite-State-Machine based string matching system for Intrusion Detection on High-Speed Networks
This paper describes a finite state machine approach for string matching within high-speed network intrusion detection systems. This method uses a standard table based finite state machine implementation, but this is preceded by a preliminary stage that compresses multi-byte network input data into a series of tokens. Each string is matched using a separate finite state machine, each of which h...
Fast Regular Expression Matching Using Small TCAMs for Network Intrusion Detection and Prevention Systems
Regular expression (RE) matching is a core component of deep packet inspection in modern networking and security devices. In this paper, we propose the first hardware-based RE matching approach that uses Ternary Content Addressable Memories (TCAMs), which are off-the-shelf chips and have been widely deployed in modern networking devices for packet classification. We propose three novel techniqu...