Author: Yaron Weinsberg, Shimrit Tzur-David, Danny Dolev and Tal Anker

Presentation transcript:

High Performance String Matching Algorithm for a Network Intrusion Prevention System (NIPS)
Author: Yaron Weinsberg, Shimrit Tzur-David, Danny Dolev and Tal Anker
Publisher: High Performance Switching and Routing, 2006
Presenter: Tsung-Lin Hsieh
Date: 2011/09/28

Outline
- Introduction
- RTCAM algorithm
- Experimental Results

Introduction
- The pattern-matching algorithm must be able to operate at wire speed.
- With networking speeds doubling every year, it is becoming increasingly difficult for software-based solutions to keep up with the line rates.
- This paper presents a novel pattern-matching algorithm called RTCAM (Rotating TCAM), which uses an off-the-shelf TCAM plus some additional logic that can be implemented in hardware.

Example of Snort's rules
- within: the maximum number of bytes allowed between two successive pattern matches.
- offset: indicates from where in the packet the pattern should be searched.
- distance: the minimum number of bytes allowed between two successive matches.
- depth: how far into the packet the algorithm should search for the specified pattern.

RTCAM Algorithm
Populating the TCAM: two phases
- Phase I: Split patterns into w-size chunks.
- Phase II: Create shifted sub-patterns for each prefix by shifting the prefix to the right and adding don't-care bits. *
* Thus the name Rotating TCAM.

RTCAM Algorithm
Populating the TCAM, w = 4

RTCAM Algorithm
Procedure:
1. Construct a key of size w bytes at position pos in the packet payload, with initial pos = 0.
2. Perform a TCAM lookup.
3. If the associated shift value is not equal to zero, repeat the first step after the specified shift.
4. If it is zero, a match occurs. Use the associated data structures to access the possible pattern. Build sub-patterns iteratively and use the TCAM for lookup. A complete match only occurs when all sub-patterns match with a shift of zero.
5. Repeat the first step with a shift of one.

RTCAM Algorithm
Patterns List: TCAM_Ptrs are used when the pattern's length is greater than w.

RTCAM Algorithm
TCAM Rules Table (TRT): correlates a TCAM row and the patterns list.

RTCAM Algorithm
Matched Pattern List:
Rules List:

RTCAM Algorithm
Example: Input Packet = "WWABCDEFTXYZABCDARP"
Matched Against

RTCAM Algorithm “WWABCDEFTXYZABCDAR”
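
A software model of the populate-and-scan procedure above, as an added example that is not taken from the slides or the paper. Assumptions: `?` stands for a don't-care byte, short prefixes are padded with don't-cares, a default all-don't-care row carries shift w, the pattern set is constructed (only the payload string is from the slides), and the remaining chunks are confirmed by direct comparison instead of chained TCAM lookups.

```python
WILD = "?"  # don't-care byte in this model; patterns must not contain it

def build_rows(patterns, w):
    """TCAM rows as (shift, key), sorted so the smallest shift has priority."""
    rows = {(w, WILD * w)}                      # default row: nothing nearby
    for p in patterns:
        prefix = p[:w].ljust(w, WILD)           # Phase I: first w-byte chunk
        for s in range(w):                      # Phase II: shifted copies
            rows.add((s, WILD * s + prefix[:w - s]))
    return sorted(rows)

def lookup(rows, key, w):
    """Return the shift of the first (highest-priority) matching row."""
    key = key.ljust(w, "\0")                    # short key at end of payload
    for shift, row in rows:
        if all(r == WILD or r == k for r, k in zip(row, key)):
            return shift

def scan(payload, patterns, w=4):
    """Return ([(offset, pattern), ...], number_of_tcam_lookups)."""
    rows = build_rows(patterns, w)
    pos, hits, lookups = 0, [], 0
    while pos < len(payload):
        shift = lookup(rows, payload[pos:pos + w], w)
        lookups += 1
        if shift == 0:
            # Prefix chunk found at pos. The slides confirm the remaining
            # chunks with further shift-0 lookups and the patterns list;
            # this model compares the full pattern directly instead.
            hits += [(pos, p) for p in patterns if payload.startswith(p, pos)]
            shift = 1                           # then resume one byte later
        pos += shift
    return hits, lookups

# Constructed pattern set; only the payload string comes from the slides.
PATTERNS = ["ABCDEF", "XYZABCD", "ARP"]
PAYLOAD = "WWABCDEFTXYZABCDARP"

if __name__ == "__main__":
    hits, lookups = scan(PAYLOAD, PATTERNS)
    print(hits, f"{lookups} lookups for {len(PAYLOAD)} bytes")
```

The second "ABCD" at offset 12 produces a shift-0 prefix hit that fails full verification, which is why a complete match requires every sub-pattern to match and not only the prefix.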

Experimental Results
We fully implemented a software version of an RTCAM-NIPS device, written in Java, and tested our simulation with two complex pattern sets:
- ClamAV [17]: Ver 0.82, 26987 simple patterns
- Snort [3]
The input for our NIPS was a real packet trace from the MIT DARPA project [18].

Experimental Results ClamAV rule set : Snort rule set :

Experimental Results Scanning Time Results :

Experimental Results Scanning Time Results :

Experimental Results
For a TCAM width of 24:
- Since the RTCAM algorithm accesses the SRAM on every TCAM lookup, the scan ratio is 2 [12].
- Average shift value is 7.4.
- SRAM access speed is 5 times the TCAM access speed.
- So, throughput = (2*7.4) / (1+0.2) = 12.35 Gbps (60%)