• Corpus ID: 5901560

Efficient techniques for fast packet classification

  title={Efficient techniques for fast packet classification},
  author={Alok Tongaonkar},
Stony Brook University. SBU Graduate School in Computer Science. Lawrence Martin (Dean of Graduate School), Professor R. Sekar, (Advisor) Computer Science Department, Stony Brook University, Professor I. V. Ramakrishnan, (Chairman) Computer Science Department, Stony Brook University, Professor Robert Johnson, (Committee Member) Computer Science Department, Stony Brook University, Professor Nitesh Saxena, (External Committee Member) Computer Science and Engineering Department, Polytechnic… 

Condition Factorization: A Technique for Building Fast and Compact Packet Matching Automata

This work presents a new technique that constructs polynomial size automata that can uniformly handle prioritized and unprioritized rules, and support applications that require single-match as well as multi-match.



Packet classification on multiple fields

It is found that a simple multi-stage classification algorithm, called RFC (recursive flow classification), can classify 30 million packets per second in pipelined hardware, or one million packetsper second in software.

The BSD Packet Filter: A New Architecture for User-level Packet Capture

The BSD Packet Filter (BPF) uses a new, register-based filter evaluator that is up to 20 times faster than the original design, and uses a straighforward buffering strategy that makes its overall performance up to 100 times better than Sun's NIT running on the same hardware.

A modular approach to packet classification: algorithms and results

  • Thomas Y. C. Woo
  • Computer Science
    Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064)
  • 2000
A novel approach to packet classification which combines a heuristic tree search with the use of filter buckets is proposed and studied, which is unique in the sense that it can adapt to the input packet distribution by taking into account the relative filter usage.

The packer filter: an efficient mechanism for user-level network code

The packet filter is described, a kernel-resident, protocol-independent packet demultiplexer, which performs quite well, and has been in production use for several years.

Fast Content-Based Packet Handling for Intrusion Detection

The problem of intrusion detection is restructured to allow the use of more efficient string matching algorithms that operate on sets of patterns in parallel and a new string matching algorithm is introduced that has average-case performance that is better than the best theoretical algorithm and muchbetter than the currently deployed algorithm.

Fast and memory-efficient regular expression matching for deep packet inspection

This paper shows that memory requirements using traditional methods are prohibitively high for many patterns used in packet scanning applications, and proposes regular expression rewrite techniques that can effectively reduce memory usage, and develops a grouping scheme that can strategically compile a set of regular expressions into several engines.

Packet Classification using Hierarchical Intelligent Cuttings

A heuristic, called HiCuts, (hierarchical intelligent cuttings), which exploits the structure found in classifiers and is found to classify packets quickly and has relatively small storage requirements.

High-speed policy-based packet forwarding using efficient multi-dimensional range matching

New packet classification schemes are presented that, with a worst-case and traffic-independent performance metric, can classify packets, by checking amongst a few thousand filtering rules, at rates of a million packets per second using range matches on more than 4 packet header fields.

PathFinder: A Pattern-Based Packet Classifier

A performance study shows that the software implementation is about twice as fast as existing mechanisms, and that the hardware implementation is currently able to keep up with OC-12 network links and is likely to operate at gigabit speeds in the near future.

A high-performance network intrusion detection system

This paper presents a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences, which can easily support new network protocols as information relating to the protocols are not hard-coded into the system.