Towards effective packet classification
نویسندگان
چکیده
A variety of network security services, such as access control in firewalls and protocol analysis in intrusion detection systems, require the discrimination of packets based on the multiple fields of packet header, which is called Multidimensional Packet Classification. In this paper, we propose a very effective packet classification algorithm called Extended Multidimensional Cuttings, ExCuts in short. As an extension of HyperCuts, which is the best-known existing decision tree algorithm, ExCuts refines the node merging mechanism using a two-step discontiguous space aggregation scheme, which minimizes the number of child nodes. To further reduce the memory usage of the decision tree structure, ExCuts adopts a bit string mapping scheme to compress the large pointer arrays in internal nodes. Due to the significant memory reduction, ExCuts is able to pick a fixed number of cuttings and thus provides explicit worst-case search time. Experimental results show that ExCuts outperforms the best result of existing algorithms on both real-life rulesets and synthetic classifiers.
منابع مشابه
IMNTV-Identifying Malicious Nodes using Trust Value in Wireless Sensor Networks
Security is the major area of concern in communication channel. Security is very crucial in wireless sensor networks which are deployed in remote environments. Adversary can disrupt the communication within multi hop sensor networks by launching the attack. The common attacks which disrupt the communication of nodes are packet dropping, packet modification, packet fake routing, badmouthing atta...
متن کاملBehavioral Analysis of Traffic Flow for an Effective Network Traffic Identification
Fast and accurate network traffic identification is becoming essential for network management, high quality of service control and early detection of network traffic abnormalities. Techniques based on statistical features of packet flows have recently become popular for network classification due to the limitations of traditional port and payload based methods. In this paper, we propose a metho...
متن کاملFeature Extraction to Identify Network Traffic with Considering Packet Loss Effects
There are huge petitions of network traffic coming from various applications on Internet. In dealing with this volume of network traffic, network management plays a crucial rule. Traffic classification is a basic technique which is used by Internet service providers (ISP) to manage network resources and to guarantee Internet security. In addition, growing bandwidth usage, at one hand, and limit...
متن کاملMerge FSM Based Low Power Packet Classification
Packet classification is a vital and complicated task as the processing of packets should be done at a specified line speed. In order to classify a packet as belonging to a particular flow or set of flows, network nodes must perform a search over a set of filters using multiple fields of the packet as the search key. Packet classification is used by networking equipment to sort packets into flo...
متن کاملHigh Performance Packet Classification
In this proposal, we seek to develop methods for packet classification that can deliver high performance (e.g. wire speed processing at 10 Gb/s) while being reasonably cost-effective (e.g. memory-efficient and having low hardware complexity). In particular, we discuss a new approach involving extended TCAMs. This new approach eliminates the problems that preclude TCAMs from being considered via...
متن کامل