%0 Journal Article
%T Fast Packet Inspection Using State-Based Bloom Filter Engine<br>基于有状态Bloom filter引擎的高速分组检测
%A YE Ming-Jiang
%A CUI Yong
%A XU Ke
%A WU Jian-Ping
%A <br>叶明江
%A 崔勇
%A 徐恪
%A 吴建平
%J 软件学报
%D 2007
%I 
%X More and more network security applications depend on inspecting the content of the packets to detect the malicious attacks. To detect these attacks online, packet inspection demands exceptionally high performance. A lot of research works have been done in this field, and yet there is still significant room for improvement in throughput and scalability. This paper proposes a fast packet inspection algorithm based on state-based Bloom filter engines (SABFE). To achieve high throughput, parallel design is adopted when searching in one Bloom filter engine and between multiple Bloom filter engines. In addition, specific lookup table and prefix register heap are constructed in SABFE to keep the state of the matched prefix for the sake of detecting long patterns. The analysis and the evaluation show that the high throughput of the algorithm can satisfy the wire speed detection requirement when the low resource consumption in hardware resource further improves the scalability of SABFE.
%K Bloom filter<br>网络安全
%K 网络入侵检测
%K 分组检测
%K 串匹配
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=7735F413D429542E610B3D6AC0D5EC59&aid=C3B644E0AD95678F&yid=A732AF04DDA03BB3&vid=13553B2D12F347E8&iid=CA4FD0336C81A37A&sid=7555FB9CC973F695&eid=6FBD78E3BAB60869&journal_id=1000-9825&journal_name=软件学报&referenced_num=7&reference_num=15