论文信息 - A Property-Based Technique for Tolerating Faults in Bloom Filters for Deep Packet Inspection

A Property-Based Technique for Tolerating Faults in Bloom Filters for Deep Packet Inspection

In network security applications, such as network intrusion detection, string matching is used to scan packets to detect malicious content. Bloom filters have drawn a great attention due to the fact that they can provide constant lookup times at the cost of small false positives. A fault in Bloom filters, however, cannot guarantee no-false-negatives. In this paper, we present a property-based technique for tolerating faults in Bloom filters for deep packet inspection. It employs a single spare hashing unit in each Bloom filter to detect and eliminate false negatives until the spare itself is faulty. The design is simple to be implemented in hardware. Moreover, the process for eliminating false negatives can be done without reducing the system throughput.

Yoon-Hwa Choi | Myeong-Hyeon Lee

[1] John W. Lockwood,et al. Deep packet inspection using parallel bloom filters , 2004, IEEE Micro.

[2] Andrei Broder,et al. Network Applications of Bloom Filters: A Survey , 2004, Internet Math..

[3] M. V. Ramakrishna,et al. Efficient Hardware Hashing Functions for High Performance Computers , 1997, IEEE Trans. Computers.

[4] Timothy Sherwood,et al. A High Throughput String Matching Architecture for Intrusion Detection and Prevention , 2005, ISCA 2005.

[5] Burton H. Bloom,et al. Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[6] George Varghese,et al. Deterministic memory-efficient string matching algorithms for intrusion detection , 2004, IEEE INFOCOM 2004.

[7] H. Jonathan Chao,et al. Multi-packet signature detection using prefix bloom filters , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[8] Stamatis Vassiliadis,et al. A reconfigurable perfect-hashing scheme for packet inspection , 2005, International Conference on Field Programmable Logic and Applications, 2005..