Abstract

The demand for on-line analysis of internet traffic, for both security and QoS considerations, grows with the use of diverse applications and with the increase in malicious attacks. This paper presents a new fast parallel packet classification algorithm based on entropy hashing. The algorithm uses a one-level hashing data structure and partitions a very large rule set into smaller, uniformly distributed sub-rule look-up tables based on maximum-entropy and Most Significant Bit (MSB) pattern hash keys. This confines the classifier's search to the relevant look-up table, selected with the same hash key, and therefore significantly shortens the classification process. A further speed-up is achieved by parallelizing the classification algorithm on an Nvidia Graphics Processing Unit (GPU). The proposed algorithm is applied to both ACL and FW applications using common synthetic rule sets of up to 500k rules. The simulation results show that the proposed algorithm outperforms existing classifiers in terms of both speed-up and memory utilization. The required memory size is significantly reduced, and a classification speed-up factor of up to 200 is demonstrated compared to a similar serial approach.
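A simplified sketch of the partition-then-search idea described in the abstract, added here as an illustration; it is not the paper's algorithm or code. The ternary 8-bit rules, the per-bit entropy score and all function names are assumptions, and the GPU parallelization is not modelled.

```python
import math
from itertools import product

# Constructed sample rule set: (ternary match over an 8-bit key, action), in priority order.
RULES = [
    ("0000****", "deny"),
    ("0001****", "permit"),
    ("0100****", "permit"),
    ("0101**11", "deny"),
    ("1000****", "permit"),
    ("1001****", "deny"),
    ("11******", "permit"),
    ("********", "deny"),  # default rule
]

def bit_score(rules, pos):
    """Entropy of the 0/1 split among rules concrete at `pos`, scaled by the share of such rules."""
    vals = [pat[pos] for pat, _ in rules if pat[pos] != "*"]
    if not vals:
        return 0.0
    p1 = vals.count("1") / len(vals)
    h = -sum(p * math.log2(p) for p in (p1, 1 - p1) if p > 0)
    return h * len(vals) / len(rules)  # wildcards force replication, so they lower the score

def select_bits(rules, k):
    """Pick the k highest-scoring bit positions as the hash key (assumed heuristic)."""
    width = len(rules[0][0])
    return sorted(sorted(range(width), key=lambda i: -bit_score(rules, i))[:k])

def build_tables(rules, bits):
    """One-level hash: a rule is stored in every sub-table its pattern can match."""
    tables = {key: [] for key in product("01", repeat=len(bits))}
    for prio, (pat, action) in enumerate(rules):
        for key in tables:
            if all(pat[b] in ("*", v) for b, v in zip(bits, key)):
                tables[key].append((prio, pat, action))
    return tables

def classify(tables, bits, packet):
    """Hash the packet with the same bits, then linear-search only that sub-table."""
    for prio, pat, action in tables[tuple(packet[b] for b in bits)]:
        if all(p in ("*", c) for p, c in zip(pat, packet)):
            return prio, action
    return None

if __name__ == "__main__":
    bits = select_bits(RULES, 3)
    tables = build_tables(RULES, bits)
    print(bits, classify(tables, bits, "01011111"))
```

On this rule set the three selected bits give eight sub-tables of two rules each, so a lookup compares against at most two rules instead of eight, at the cost of replicating the wildcard rules across tables.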

Highlights

  • The rapid increase of both network bandwidth and malicious attacks, as well as the increased use of diverse applications, requires analyzing and controlling internet traffic for both security and QoS (Quality of Service) considerations while gaining line speeds [1]

  • Since a linear search is carried out to find a match against the rules list in a sub-table, the algorithm complexity linearly depends on the number of rules in the tested sub-table

  • While [16] presents two-level hashing, we suggest a one-level hashing approach using mutual information gain (IG) instead of the maximum entropy proposed by [16]


Summary

INTRODUCTION

The rapid increase of both network bandwidth and malicious attacks, as well as the increased use of diverse applications, requires analyzing and controlling internet traffic for both security and QoS (Quality of Service) considerations while gaining line speeds [1].

RELATED WORK

Kang and Deng [33] propose a GPU-based linear search framework using a meta-programming technique for packet classification. They investigate the previous DBS hash-based algorithm and demonstrate a speedup factor of 17 in comparison to a CPU-based implementation. They propose two-level hashing using two different hash keys: a first-level hashing based on maximum entropy derived from the port and protocol fields, and a second-level hashing based on the MSB pattern of the IP fields. This approach presents promising results in terms of speed performance (207 memory accesses for 500k rules), but it suffers from very poor memory utilization and requires a huge storage memory (32 GB in the worst-case scenario).

THE PROPOSED ALGORITHM AND IMPLEMENTATION METHODOLOGY
EXPERIMENTS AND RESULTS
CONCLUSION