کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
462571 | 696858 | 2015 | 9 صفحه PDF | دانلود رایگان |
Network applications such as network intrusion detection systems (NIDSs) require multimatch packet classification, where all matched results need to be reported. Most researchers have adopted a TCAM-based architecture to enhance system performance, but TCAM consumes high amounts of power and requires a lot of memory resources. In this paper, we analyze the characteristics of the Snort rule set, and propose an memory-efficient multimatch packet classification architecture for NIDS using the result of analysis. The proposed hybrid architecture uses hash-based matching for searching single port numbers and k-ary tree matching for searching range port numbers and is synthesized on Altera Stratix IV FPGA. Compared with previous TCAM-based architectures, our design achieves over four times improvement in memory requirement and power consumption. Our architecture sustains 16.8–67.4 Gbps throughput for minimum size (40 bytes) packets.
Journal: Microprocessors and Microsystems - Volume 39, Issue 2, March 2015, Pages 113–121