Journal of South China University of Technology (Natural Science Edition) ›› 2008, Vol. 36 ›› Issue (9): 15-19.

• Computer Science & Technology • Previous Articles     Next Articles

A Method of On-Line Dynamic Inspection for Network Packet Contents

Xu Ke-fu  Qi De-yu  Qian Zheng-ping  Xiang Jun  Zheng Wei-ping   

  1. Research Institute of Computer System, South China University of Technology, Guangzhou 510640, Guangdong,China
  • Received:2007-09-14 Revised:1900-01-01 Online:2008-09-25 Published:2008-09-25
  • Contact: 徐克付(1977-),男,博士生,主要从事网络信息安全研究. E-mail:xkfool@163.com
  • About author:徐克付(1977-),男,博士生,主要从事网络信息安全研究.
  • Supported by:

    中国博士后科学基金资助项目(2005037582);粤港关键领域重点突破项目(2005A10307007)

PDF

672

Abstract:

In the high-speed inspection of network contents, the multi-pattern matching algorithm is inefficient and the pattern set continuously changes. In order to solve these problems, an on-line dynamic inspection method with two loosely-coupled pipelines is proposed. This method consists of a fast pipeline and a slow one. In the fast pipeline, parallel Counting Bloom filter engines which can perform fast dynamic query are adopted to filter the network packet, while in the slow one, a high-performance dynamic pattern matching algorithm is adopted to distinguish the suspicious packet coming from the fast pipeline. Thus, the block to normal packets can be removed and the on-line inspection can be achieved. Moreover, according to the locality principle of programs, a length threshold is set to implement the scalability for long rules. Analytical and simulated results indicate that the proposed inspection method with high throughput meets the requirements of on-line dynamic inspection of network packet contents well with low hardware consumption and high scalability.

Key words: Bloom filter, computer network, deep packet inspection, dynamic pattern matching