Abstract
Because of the ever-increasing popularity of the Internet, network monitoring has become mission critical for guaranteeing the operation of IP networks, e.g. to detect network failures and stop intrusion attempts. A majority of these monitoring tasks require only a small subset of all passing packets, which share some common properties such as identical header fields or similar patterns in their data. Nowadays, in addition to the increasing network speed, many of these tasks have become very complex. In order to capture only the useful packets, these applications need to evaluate a large set of expressions. In this paper, we present a platform-independent filter and pattern matcher optimization algorithm, which reduces the required number of evaluated expressions. The performance of the algorithm is validated both analytically and by means of a high-speed monitoring system.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coppens, J., De Smet, S., Van den Berghe, S., De Turck, F., Demeester, P. (2004). Performance Evaluation of a Probabilistic Packet Filter Optimization Algorithm for High-Speed Network Monitoring. In: Mammeri, Z., Lorenz, P. (eds) High Speed Networks and Multimedia Communications. HSNMC 2004. Lecture Notes in Computer Science, vol 3079. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25969-5_11
DOI: https://doi.org/10.1007/978-3-540-25969-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22262-0
Online ISBN: 978-3-540-25969-5
eBook Packages: Springer Book Archive