.kogl_cc_info .cc_img_box { background: url(/ksp/resources/ksp/img/background/kogl_type4_en.jpg) no-repeat; } body { min-width: 1200px; } .list_tbl .abstracts { width: 700px; overflow: hidden; white-space: nowrap; text-overflow:ellipsis; color: #666; margin-top: 3px; }

ETRI-Knowledge Sharing Plaform

KOREAN
논문 검색
Type SCI
Year ~ Keyword

Detail

Conference Paper An Efficient Multi-Packet Inspection Scheme without Packet Reassmbly
Cited - time in scopus Share share facebook twitter linkedin kakaostory
Authors
Woo Sug Jung, Seok Min Kang, Young Seok Lee, Taeck Geun Kwon
Issue Date
2005-12
Citation
International Conference on Computational and Information Science (CIS) 2005, pp.1-5
Language
English
Type
Conference Paper
Abstract
In order to detect and block malicious attempts belonging to a single flow, deep packet inspection is essential. However, packets of a single flow may not be in-order unexpectedly or intentionally for the avoidance of detection. This requires significant processing overhead to achieve multi-gigabit intrusion detection and prevention. In this paper, we propose the "hash-based partial content match mechanism" which provides the high-speed multi-packet inspection without a packet reassembly. Since our algorithm uses hash value for storing partially matched status and uses TCAM for supporting packet inspection as line speed in multigigabit networks, it could reduce the memory size up to 1/(m -1), where m is a TCAM width, which will achieve 10Gbps performance. From the experiments with a pilot system, it is shown that multi-packet inspection performs less than 2Gbps.
KSP Keywords
High Speed, Intrusion detection and prevention, Memory size, Multi-Gigabit, content match, deep packet inspection(DPI), hash value, pilot system