Boundary hash for memory-efficient deep packet inspection

N. Sertac Artan, Masanori Bando, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Network Intrusion Detection and Prevention Systems (NIDPSs) are critical for network security. The Deep Packet Inspection (DPI) operation consumes a significant amount of resources in NIDPS. This is because to detect malicious activity DPI searches a database of signatures for each byte of every packet. In this paper, we develop a highly space-efficient data structure for hardware realization of Minimal Perfect Hash Functions (MPHFs). This data structure is simple to construct, requires 7n bits to represent the MPHF for a set of n keys and allows high-speed DPI.

Original languageEnglish (US)
Title of host publicationICC 2008 - IEEE International Conference on Communications, Proceedings
Pages1732-1737
Number of pages6
DOIs
StatePublished - 2008
EventIEEE International Conference on Communications, ICC 2008 - Beijing, China
Duration: May 19 2008May 23 2008

Other

OtherIEEE International Conference on Communications, ICC 2008
CountryChina
CityBeijing
Period5/19/085/23/08

Fingerprint

Hash functions
Inspection
Intrusion detection
Data storage equipment
Data structures
Network security
Hardware

Keywords

  • Boundary hash
  • Deep packet inspection
  • DPI
  • Minimal perfect hash functions
  • Network intrusion detection and prevention system
  • Network security
  • NIDPS
  • Snort
  • TriBiCa
  • Trie bitmap content analyzer

ASJC Scopus subject areas

  • Media Technology

Cite this

Artan, N. S., Bando, M., & Chao, H. J. (2008). Boundary hash for memory-efficient deep packet inspection. In ICC 2008 - IEEE International Conference on Communications, Proceedings (pp. 1732-1737). [4533369] https://doi.org/10.1109/ICC.2008.333

Boundary hash for memory-efficient deep packet inspection. / Artan, N. Sertac; Bando, Masanori; Chao, H. Jonathan.

ICC 2008 - IEEE International Conference on Communications, Proceedings. 2008. p. 1732-1737 4533369.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Artan, NS, Bando, M & Chao, HJ 2008, Boundary hash for memory-efficient deep packet inspection. in ICC 2008 - IEEE International Conference on Communications, Proceedings., 4533369, pp. 1732-1737, IEEE International Conference on Communications, ICC 2008, Beijing, China, 5/19/08. https://doi.org/10.1109/ICC.2008.333
Artan NS, Bando M, Chao HJ. Boundary hash for memory-efficient deep packet inspection. In ICC 2008 - IEEE International Conference on Communications, Proceedings. 2008. p. 1732-1737. 4533369 https://doi.org/10.1109/ICC.2008.333
Artan, N. Sertac ; Bando, Masanori ; Chao, H. Jonathan. / Boundary hash for memory-efficient deep packet inspection. ICC 2008 - IEEE International Conference on Communications, Proceedings. 2008. pp. 1732-1737
@inproceedings{bc89161812a54aa79ceeffcf52a88b51,
title = "Boundary hash for memory-efficient deep packet inspection",
abstract = "Network Intrusion Detection and Prevention Systems (NIDPSs) are critical for network security. The Deep Packet Inspection (DPI) operation consumes a significant amount of resources in NIDPS. This is because to detect malicious activity DPI searches a database of signatures for each byte of every packet. In this paper, we develop a highly space-efficient data structure for hardware realization of Minimal Perfect Hash Functions (MPHFs). This data structure is simple to construct, requires 7n bits to represent the MPHF for a set of n keys and allows high-speed DPI.",
keywords = "Boundary hash, Deep packet inspection, DPI, Minimal perfect hash functions, Network intrusion detection and prevention system, Network security, NIDPS, Snort, TriBiCa, Trie bitmap content analyzer",
author = "Artan, {N. Sertac} and Masanori Bando and Chao, {H. Jonathan}",
year = "2008",
doi = "10.1109/ICC.2008.333",
language = "English (US)",
isbn = "9781424420742",
pages = "1732--1737",
booktitle = "ICC 2008 - IEEE International Conference on Communications, Proceedings",

}

TY - GEN

T1 - Boundary hash for memory-efficient deep packet inspection

AU - Artan, N. Sertac

AU - Bando, Masanori

AU - Chao, H. Jonathan

PY - 2008

Y1 - 2008

N2 - Network Intrusion Detection and Prevention Systems (NIDPSs) are critical for network security. The Deep Packet Inspection (DPI) operation consumes a significant amount of resources in NIDPS. This is because to detect malicious activity DPI searches a database of signatures for each byte of every packet. In this paper, we develop a highly space-efficient data structure for hardware realization of Minimal Perfect Hash Functions (MPHFs). This data structure is simple to construct, requires 7n bits to represent the MPHF for a set of n keys and allows high-speed DPI.

AB - Network Intrusion Detection and Prevention Systems (NIDPSs) are critical for network security. The Deep Packet Inspection (DPI) operation consumes a significant amount of resources in NIDPS. This is because to detect malicious activity DPI searches a database of signatures for each byte of every packet. In this paper, we develop a highly space-efficient data structure for hardware realization of Minimal Perfect Hash Functions (MPHFs). This data structure is simple to construct, requires 7n bits to represent the MPHF for a set of n keys and allows high-speed DPI.

KW - Boundary hash

KW - Deep packet inspection

KW - DPI

KW - Minimal perfect hash functions

KW - Network intrusion detection and prevention system

KW - Network security

KW - NIDPS

KW - Snort

KW - TriBiCa

KW - Trie bitmap content analyzer

UR - http://www.scopus.com/inward/record.url?scp=51249094491&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51249094491&partnerID=8YFLogxK

U2 - 10.1109/ICC.2008.333

DO - 10.1109/ICC.2008.333

M3 - Conference contribution

SN - 9781424420742

SP - 1732

EP - 1737

BT - ICC 2008 - IEEE International Conference on Communications, Proceedings

ER -