期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种网络分组内容线速动态检测方法 被引量:2

A Method of On-Line Dynamic Inspection for Network Packet Contents
在线阅读 下载PDF
导出
摘要 针对高速网络内容检测中多模式匹配算法性能差和模式集不断动态变化的问题,提出了一种松散耦合的双通道线速动态内容检测方法.该方法包含快速通道和慢速通道两部分,快速通道利用可动态查询的并行Counting Bloom filter引擎过滤网络分组,过滤出的嫌疑分组送慢速通道利用高效动态模式匹配算法一步准确鉴别和分析,从而避免对正常分组的阻碍,达到线速检测.基于程序局部性原理,采用额定长度前缀的方法实现了对长模式的可扩展性.分析与模拟试验表明,该检测方法具有较高的吞吐性能,可以实现线速动态内容检测,同时减少了硬件资源开销,提高了可扩展性. In the high-speed inspection of network contents, the multi-pattern matching algorithm is inefficient and the pattern set continuously changes. In order to solve these problems, an on-line dynamic inspection method with two loosely-coupled pipelines is proposed. This method consists of a fast pipeline and a slow one. In the fast pipeline, parallel Counting Bloom filter engines which can perform fast dynamic query are adopted to filter the network packet, while in the slow one, a high-performance dynamic pattern matching algorithm is adopted to distinguish the suspicious packet coming from the fast pipeline. Thus, the block to normal packets can be removed and the on-line inspection can be achieved. Moreover, according to the locality principle of programs, a length threshold is set to implement the scalability for long rules. Analytical and simulated results indicate that the proposed inspection method with high throughput meets the requirements of on-line dynamic inspection of network packet contents well with low hardware consumption and high scalability.
作者 徐克付 齐德昱 钱正平 向军 郑伟平
机构地区 华南理工大学计算机系统结构研究所
出处 《华南理工大学学报(自然科学版)》 EI CAS CSCD 北大核心 2008年第9期15-19,共5页 Journal of South China University of Technology(Natural Science Edition)
基金 中国博士后科学基金资助项目(2005037582) 粤港关键领域重点突破项目(2005A10307007)
关键词 BLOOM FILTER 计算机网络 深度分组检测 动态模式匹配 Bloom filter computer network deep packet inspection dynamic pattern matching
分类号 TP393 [自动化与计算机技术—计算机应用技术]
作者简介 徐克付(1977-),男,博士生,主要从事网络信息安全研究.E-mail:xkfool@163.com
  • 相关文献

参考文献12

  • 1Yu F, Katz R H, Lakshman T V. Gigabit rate packet pattern-matching using TCAM [ C]//Proc of the 12th IEEE Int'l Conf on Network Protocols. Washington: IEEE, 2004 : 174-183.
  • 2Sung Jung-Sik, Kang Eok-Min, Lee Youngseok, et al. A multi-gigabit rate deep packet inspection algorithm using TCAM [ C ]//Proc of Global Telecommunications Conference. St Louis : IEEE ,2006:62-66.
  • 3Dharmapurikar S, Lockwood J. Fast and scalable pattern matching for content filtering [ C ] // Proc of the 2005 ACM Symposium on Architecture for Networking and Communications Systems. Princeton : ACM ,2005 : 183-192.
  • 4Dharmapurikar S, Krishnamurthy P, Sponll T, et al. Deep packet inspection using parallel Bloom filters [ J ]. IEEE Micro,2004,24( 1 ) :52-61.
  • 5Navarro Gonzalo, Raffinot Mathieu. Flexible pattern matching in strings:practical on-line search algorithms for texts and biological sequences [ M ]. Cambridge: Cambridge University Press ,2002.
  • 6叶明江,崔勇,徐恪,吴建平.基于有状态Bloom filter引擎的高速分组检测[J].软件学报,2007,18(1):117-126. 被引量:13
  • 7Sahinalp S C, Vishkin U. Efficient approximate and dynamic matching of patterns using a labeling paradigm [ C]//Proc of the 37th Conference on Foundations of Computer Science. Burlington : IEEE, 1996:320-328.
  • 8Amir A, Farach M, Matias Y. Efficient randomized dictionary matching algorithms [ C] //Proc of the 3rd Symposium on Combinatorial Pattern Matching. Tucson: ACM, 1992:262-275.
  • 9Fan L, Cao P, Almeida J, et al. Summary cache : a scalable wide-area Web cache sharing protocol [ J]. IEEE/ACM Transactions on Networking, 2000,8 ( 3 ) : 281 - 293.
  • 10Zhen Chen-ehuang, Lin Chuang, Jia Ni, et al. AntiWorm NPU-based parallel Bloom filters for TCP/IP content processing in Giga Ethernet [ C ] //Proe of the First IEEE LCN Workshop on Network Security. Sydney: IEEE, 2005 : 748- 755.

二级参考文献15

  • 1Moore D,Paxson V,Savage S,Shannon C,Staniford S,Weaver N.Inside the slammer worm.IEEE Security and Privacy,2003,1(4):33-39.
  • 2Moore D,Shannon C.Code-Red:A case study on the spread and victims of an Internet worm.In:Proc.of the 2002 ACM SICGOMM Internet Measurement Workshop.Marseille,2002.273-284.http://portal.acm.org/citation.cfm?id=637244&dl= ACM&coll=&CFID=15151515&CFTOKEN=6184618
  • 3Kim HA,Karp B.Autograph:Toward automatic distributed worm signature detection.In:Proc.of the USENIX Security Symp.Diego,2004.271-286.http://www.usenix.org/events/sec04/tech/full_papers/kim/kim.pdf
  • 4Singh S,EstanC,Varghese G,Savage S.Automated worm fingerprinting.In:Proc.of the 6th ACM/USENIX Symp.on Operating System Design and Implementation (OSDI).San Francisco,2004.45-60.http://www.usenix.org/events/osdi04/tech/full_papers/ singh/singh.pdf
  • 5Axelsson.Intrusion detection systems:A survey and taxonomy.Technical Report,99-15,Chalmers University,2000.
  • 6Bloom B.Space/Time trade-offs in Hash coding with allowable errors.Communications of the ACM,1970,13(7):422-426.
  • 7Dharmapurikar S,Krishnamurthy P,Sproull T,Lockwood J.Deep packet inspection using parallel Bloom filters.In:Proc.of the Symp.on High Performance Interconnects (HotI).Stanford,2003.44-51.http://www.hoti.org/archive/Hoti11_program/papers/ hoti11_07_dharmapurikar_s.pdf
  • 8Dharmapurikar S,Attig M,Lockwood J.Design and implementation of a string matching system for network intrusion detection using FPGA-based Bloom filters.Technical Report,WUCSE-2004-12,St.Louis:Washington University,2004.
  • 9Song HY,Dharmapurikar S,Turner J,Lockwood J.Fast hash table lookup using extended Bloom filter:An aid to network processing.In:Proc.of the ACM SIGCOMM 2005.Philadelphia,2005.20-26.http://portal.acm.org/citation.cfm?id=1080114&dl= ACM&coll=&CFID=15151515&CFTOKEN=6184618
  • 10Yu F,Katz RH,Lakshman TV.Gigabit rate packet pattern-matching using TCAM.In:Proc.of the 12th IEEE Int'l Conf.on Network Protocols (ICNP 2004).Berlin,2004.174-183.http://portal.acm.org/citation.cfm?id=1025890&dl=GUIDE&coll=GUIDE

共引文献12

同被引文献21

  • 1邹秋波,吴为,李之棠.Bloom filter在防火墙中的应用和研究[J].通信学报,2005,26(B01):158-162. 被引量:2
  • 2Gonzalo Navarro,Mathieu Raffinot.New techniques for regular expression searching[J].Algorithmica,2005,11(41):89-116.
  • 3Yu Fang,Chen Zhi-feng,Diao Yan-lei,et al.Fast and memory-efficient regular expression matching for deep packet inspetion[C]∥Proc of the 2006 ACM/IEEE Symposium on Architecture for Networking and Communications Systems.San Jose:ACM/IEEE,2006:93-102.
  • 4Thompson K.Regular expression search algorithm[J].Communications of the ACM,1968,11(6):419-422.
  • 5Myers E.A four-Russian algorithm for regular expression pattern matching[J].Journal of the ACM,1992,39(2):430-448.
  • 6Wu S,Manber U.Fast text searching allowing errors[J].Communications of the ACM,1992,35(10):83-91.
  • 7Glushkov V M.The abstract theory of automata[J].Russian Mathematical Surveys,1961,16(5):1-53.
  • 8Berry G,Sethi R.From regular expression to deterministic automata[J].Theoretical Computer Science,1986,48(1):117-126.
  • 9Bruce W,Richard E.A Boyer-Moore-style algorithm for regular expression pattern matching[J].Science of Computer Programming,2003,8(48):99-117.
  • 10Bruce W.A new regular grammar pattern matching algorithm[J].Theoretical Computer Science,2003,299(1/2/3):509-521.

引证文献2

二级引证文献5

华南理工大学学报(自然科学版)
2008年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
关于我们 | 版权声明 | 联系我们 | 帮助中心| 意见反馈
主办单位:上海市教育委员会
技术支持:重庆维普资讯有限公司
渝公网安备 50019002500403号
使用帮助 返回顶部