TriBiCa: Trie Bitmap Content Analyzer for High-Speed Network Intrusion Detection

Download Now Free registration required

Executive Summary

Deep Packet Inspection (DPI) is often used in Network Intrusion Detection and Prevention Systems (NIDPS), where incoming packet payloads are compared against known attack signatures. Processing every single byte in the incoming packet payload has a very stringent time constraint, e.g., 200 ps for a 40-Gbps line. Traditional DPI systems either need a large memory space or use special memory such as Ternary Content Addressable Memory (TCAM), limiting parallelism, or yielding high cost/power consumption. In this paper, the authors present a highspeed, single-chip DPI scheme that is scalable and configurable through memory updates.

  • Format: PDF
  • Size: 590 KB