Download Now Free registration required
Multi-match packet classification is a critical function in Network Intrusion Detection Systems (NIDS), where all matching rules for a packet need to be reported. Most of the previous work is based on Ternary Content Addressable Memories (TCAMs) which are expensive and are not scalable with respect to clock rate, power consumption, and circuit area. This paper studies the characteristics of real-life Snort NIDS rule sets, and proposes a novel SRAM-based architecture. The proposed architecture is called Field-Split parallel Bit Vector (FSBV) where some header fields of a packet are further split into bit-level subfields.
- Format: PDF
- Size: 273.42 KB