Article

Efficient memory utilization on network processors for deep packet inspection

Authors:

Yan LuoAuthors Info & Claims

ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems

Pages 71 - 80

https://doi.org/10.1145/1185347.1185358

Published: 03 December 2006 Publication History

Abstract

Deep Packet Inspection (DPI) refers to examining both packet header and payload to look for predefined patterns, which is essential for network security, intrusion detection and content-aware switch etc. The increasing line speed and expanding pattern sets make DPI a challenging task. Network Processors (NPs) are chosen to perform DPI due to their packet processing performance and programmability. In this paper, we focus on achieving high performance DPI through exploitation of NP's on-chip resources (particularly memory) and inherent parallel processing capability. We study the parallelism in classical DPI algorithms and construct a memory model for different parallel matching methods. Based on the model, we find the optimal organization of state machines that requires minimal on-chip memory space and guides us to high performance NP architectures for DPI. The performance evaluation experiments show that our method can reduce the memory usage by up to 86%. With an Intel IXP28xx NP simulator, we observe that the estimated DPI throughput reaches up to 5 Gbps.

References

[1]

A. V. Aho and M. J. Corasick. Efficient string matching: an aid to bibliographic search, Communications of the ACM, 18(6):333--340, 1975.

Digital Library

[2]

A. Aldwairi, T. Conte, P. Franzon, Configurable String Matching Hardware for Speeding Up Intrusion Detection, SIGARCH Compute Architecture News, 33(1):99--107, 2005.

Digital Library

[3]

Z. K. Baker, V.K. Prasanna, High-throughput Linked-Pattern Matching for Intrusion Detection Systems, ANCS 2005, Princetion, New Jersey, 2005

Digital Library

[4]

B. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of ACM, 13(7):422--426, May 1970

Digital Library

[5]

B.C. Brodie, R.K. Cytron, D.E. Taylor, A Scalable Architecture for High-Throughput Regular-Expression Pattern Matching, In Proceedings of ISCA 2006, Boston, MA June, 2006.

Digital Library

[6]

Y. Cho and W. Mangione-Smith, Deep Packet Filter with Dedicated Logic and Read-Only Memories, IEEE Symposium on Field-Programmable Custom Computing Machines, April 2004.

Digital Library

[7]

S. Dharmapurikar, J. Lockwood, Fast and Scalable Pattern Matching for Content Filtering, Proceedings of Symposium on Architectures for Networking and Communications Systems (ANCS), Oct 2005.

Digital Library

[8]

Intel, Intel IXP2855 Network Processor Product Brief, 2005, http://download.intel.com/design/network/ ProdBrf/30943001.pdf

[9]

Intel, Intel IXP2xxx Product Line of Network Processors. http://www.intel.com/design/network/products/npfamily/ ixp2xxx.htm

[10]

S. Kumar, S. Dharmapurikar, P. Crowley, J. Turner, F. Yu, Algorithms to Accelerate Multiple Regular Expression Matching for Deep Packet Inspection, SIGCOMM 2006, Pisa, Italy, Sept 2006.

Digital Library

[11]

Y. Luo, J. Yang, L. Bhuyan, L. Zhao, NePSim: A Network Processor Simulator with Power Evaluation Framework, IEEE Micro Special Issue on Network Processors for Future High-End Systems and Applications, Sept/Oct 2004

Digital Library

[12]

I. Sourdis, D. Pnevmatikatos, String Matching on Multicontext FPGA using Self-reconfiguration, In Proceedings of 1999 ACM International Symposium on Field Programmable Gate Arrays, pp 217--226, New York, NY. 1999

Digital Library

[13]

L. Tan and T. Sherwood, Architectures for Bit-Split String Scanning in Intrusion Detection, IEEE Micro: Micro's Top Picks from Computer Architecture Conferences, January-February 2006.

Digital Library

[14]

F. Yu, R. Katz, T.V. Lakshman, Gigabit Rate Packet Pattern Matching using TCAM, In IEEE International Conference on Network Protocols(ICNP), Berlin, Germany, Oct 2004.

Digital Library

[15]

Snort. http://www.snort.org/

[16]

Linux Layer 7 Packet Classifier. http://sourceforge.net/projects/l7-filter/

Cited By

Hilgurt SChemerys O(2022)Reconfigurable signature-based information security tools of computer systems10.15407/akademperiodyka.458.297Online publication date: 2022
https://doi.org/10.15407/akademperiodyka.458.297
Chen WLyu FWu FYang PXue GLi M(2021)Sequential Message Characterization for Early Classification of Encrypted Internet TrafficIEEE Transactions on Vehicular Technology10.1109/TVT.2021.306373870:4(3746-3760)Online publication date: Apr-2021
https://doi.org/10.1109/TVT.2021.3063738
Hypolite JSonchack JHershkop SDautenhahn NDeHon ASmith JHan DFeldmann A(2020)DeepMatchProceedings of the 16th International Conference on emerging Networking EXperiments and Technologies10.1145/3386367.3431290(336-350)Online publication date: 23-Nov-2020
https://dl.acm.org/doi/10.1145/3386367.3431290
Show More Cited By

Index Terms

Efficient memory utilization on network processors for deep packet inspection
1. Networks
  1. Network services
    1. Network monitoring

Recommendations

Deep Packet Inspection as a Service
CoNEXT '14: Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies

Middleboxes play a major role in contemporary networks, as forwarding packets is often not enough to meet operator demands, and other functionalities (such as security, QoS/QoE provisioning, and load balancing) are required. Traffic is usually routed ...
Space efficient deep packet inspection of compressed web traffic

In this paper we focus on the process of deep packet inspection of compressed web traffic. The major limiting factor in this process imposed by the compression, is the high memory requirements of 32KB per connection. This leads to the requirements of ...
Slimming down Deep packet inspection systems
INFOCOM'09: Proceedings of the 28th IEEE international conference on Computer Communications Workshops

Internet Service Providers (ISP) have been recently relying on Deep Packet Inspection (DPI) systems, which are the most accurate techniques for traffic identification and classification. However, building high performance DPI systems requires an in-...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems

December 2006

202 pages

ISBN:1595935800

DOI:10.1145/1185347

General Chair:
Laxmi N. Bhuyan
University of California, Riverside, USA
,
Program Chairs:
Michel Dubois
University of Southern California, USA
,
Will Eatherton
Cisco, USA

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 December 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ANCS06

Sponsor:

ANCS06: Symposium on Architecture for Networking and Communications Systems

December 3 - 5, 2006

California, San Jose, USA

Acceptance Rates

Overall Acceptance Rate 88 of 314 submissions, 28%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

34
Total Citations
View Citations
966
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hilgurt SChemerys O(2022)Reconfigurable signature-based information security tools of computer systems10.15407/akademperiodyka.458.297Online publication date: 2022
https://doi.org/10.15407/akademperiodyka.458.297
Chen WLyu FWu FYang PXue GLi M(2021)Sequential Message Characterization for Early Classification of Encrypted Internet TrafficIEEE Transactions on Vehicular Technology10.1109/TVT.2021.306373870:4(3746-3760)Online publication date: Apr-2021
https://doi.org/10.1109/TVT.2021.3063738
Hypolite JSonchack JHershkop SDautenhahn NDeHon ASmith JHan DFeldmann A(2020)DeepMatchProceedings of the 16th International Conference on emerging Networking EXperiments and Technologies10.1145/3386367.3431290(336-350)Online publication date: 23-Nov-2020
https://dl.acm.org/doi/10.1145/3386367.3431290
Jin RXue GLyu FSheng HLiu GLi M(2018)Leveraging Inner-Connection of Message Sequence for Traffic Classification: A Deep Learning Approach2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS)10.1109/PADSW.2018.8644617(77-84)Online publication date: Dec-2018
https://doi.org/10.1109/PADSW.2018.8644617
Pimenta Rodrigues GDe Oliveira Albuquerque RGomes de Deus FDe Sousa Jr. RDe Oliveira Júnior GGarcía Villalba LKim T(2017)Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet InspectionApplied Sciences10.3390/app71010827:10(1082)Online publication date: 18-Oct-2017
https://doi.org/10.3390/app7101082
Achunala DSathiyanarayanan MAbubakar B(2017)Traffic Classification Analysis Using OMNeT++Progress in Intelligent Computing Techniques: Theory, Practice, and Applications10.1007/978-981-10-3376-6_45(417-422)Online publication date: 5-Aug-2017
https://doi.org/10.1007/978-981-10-3376-6_45
Vakili SLanglois JBoughzala BSavaria YCrowley PRizzo LMathy L(2016)Memory-Efficient String Matching for Intrusion Detection Systems using a High-Precision Pattern Grouping AlgorithmProceedings of the 2016 Symposium on Architectures for Networking and Communications Systems10.1145/2881025.2881031(37-42)Online publication date: 17-Mar-2016
https://dl.acm.org/doi/10.1145/2881025.2881031
Liu WWang BChen LChen KWang J(2016)Research of demand recognition based on template matching2016 11th International Conference on Computer Science & Education (ICCSE)10.1109/ICCSE.2016.7581644(573-577)Online publication date: Aug-2016
https://doi.org/10.1109/ICCSE.2016.7581644
Ashfaq ARizvi SJaved MKhayam SAli MAl-Shaer E(2014)Information theoretic feature space slicing for statistical anomaly detectionJournal of Network and Computer Applications10.1016/j.jnca.2014.01.00241(473-487)Online publication date: May-2014
https://doi.org/10.1016/j.jnca.2014.01.002
Yang TZhang HCao XTian ZQassrawi M(2013)SSE Instruction and Block Predetermination-Based Automaton OptimizationUnifying Electrical Engineering and Electronics Engineering10.1007/978-1-4614-4981-2_244(2229-2242)Online publication date: 15-Jun-2013
https://doi.org/10.1007/978-1-4614-4981-2_244
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten