Accelerating network security services with fast packet classification
نویسندگان
چکیده
To protect a network, secure network systems such as intrusion detection system (IDS) and firewall are often installed to control or monitor network traffic. These systems often incur substantial delay for analyzing network packets. The delay can be reduced with fast packet classification, which can effectively classify network traffic, and consequently accelerate the analysis of network packets. In the last few years, many researchers devoted to providing fast packet classification methods for multidimensional classifier. However, these methods either suffer from poor performance and huge storage requirement, or are lack of dimension scalability. In this paper, we propose a packet classification method based on tuple space search, and use the multidimensional binary search tree (Kd-tree) to improve search performance. The proposed scheme requires only Oðd log WÞ search time and controlled storage requirement, where d is the number of dimensions, and W is the utmost bit length for specifying prefixes in a classification rule. It features fast packet classification, and supports dynamic update which is a basic requirement of many secure network services, such as IDS and firewall. q 2004 Elsevier B.V. All rights reserved.
منابع مشابه
Feature Extraction to Identify Network Traffic with Considering Packet Loss Effects
There are huge petitions of network traffic coming from various applications on Internet. In dealing with this volume of network traffic, network management plays a crucial rule. Traffic classification is a basic technique which is used by Internet service providers (ISP) to manage network resources and to guarantee Internet security. In addition, growing bandwidth usage, at one hand, and limit...
متن کاملPacket classification using diagonal-based tuple space search
Multidimensional packet classification has attracted considerable research interests in the past few years due to the increasing demand on policy based packet forwarding and security services. These network services typically involve determining the action to take on packets according to a set of rules. As the number of rules increases, time for determining the best matched rule for an incoming...
متن کاملFast Packet Classification Using Bit Compression with Fast Boolean Expansion
To support applications such as Internet security, virtual private networks, and Quality of Service (QoS), Internet routers need to quickly classify incoming packets into flows. Packet classification uses information contained in the packet header and a predefined rule table in the routers. In general, packet classification on multiple fields is a difficult problem. Hence, researchers have prop...
متن کاملNew High Secure Network Steganography Method Based on Packet Length
In network steganography methods based on packet length, the length of the packets is used as a carrier for exchanging secret messages. Existing methods in this area are vulnerable against detections due to abnormal network traffic behaviors. The main goal of this paper is to propose a method which has great resistance to network traffic detections. In the first proposed method, the sender embe...
متن کاملTowards effective packet classification
A variety of network security services, such as access control in firewalls and protocol analysis in intrusion detection systems, require the discrimination of packets based on the multiple fields of packet header, which is called Multidimensional Packet Classification. In this paper, we propose a very effective packet classification algorithm called Extended Multidimensional Cuttings, ExCuts i...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computer Communications
دوره 27 شماره
صفحات -
تاریخ انتشار 2004