A Fault-Tolerant Bloom Filter for Deep Packet Inspection

Bloom filters can be used for various networking applications to inspect network packet payload to search for predefined signature strings. Hardware-based bloom filters have drawn a great attention due to the fact that they provide constant lookup times at the cost of small false positives. A fault in bloom filters, however, may render the system unable to function correctly since no false negatives cannot be guaranteed. In this paper, we present a fault- tolerant bloom filter which tolerates faults in such a way that no false negatives can be guaranteed. The proposed architecture is simple enough to be implemented without any significant hardware overhead. Moreover, fault detection and recovery can be made during normal operation with negligible time overhead.

[1]  Stamatis Vassiliadis,et al.  A reconfigurable perfect-hashing scheme for packet inspection , 2005, International Conference on Field Programmable Logic and Applications, 2005..

[2]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[3]  John W. Lockwood,et al.  Deep packet inspection using parallel bloom filters , 2004, IEEE Micro.

[4]  Timothy Sherwood,et al.  A high throughput string matching architecture for intrusion detection and prevention , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[5]  H. Jonathan Chao,et al.  Multi-packet signature detection using prefix bloom filters , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[6]  Evangelos P. Markatos,et al.  Exclusion-based Signature Matching for Intrusion Detection , 2002 .

[7]  George Varghese,et al.  Deterministic memory-efficient string matching algorithms for intrusion detection , 2004, IEEE INFOCOM 2004.

[8]  M. V. Ramakrishna,et al.  Efficient Hardware Hashing Functions for High Performance Computers , 1997, IEEE Trans. Computers.