Performance Evaluation of a Probabilistic Packet Filter Optimization Algorithm for High-Speed Network Monitoring

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3079)

Abstract

Because of the ever-increasing popularity of the Internet, network monitoring has become mission critical for guaranteeing the operation of IP networks, e.g. to detect network failures and stop intrusion attempts. A majority of these monitoring tasks require only a small subset of all passing packets, which share some common properties such as identical header fields or similar patterns in their data. Nowadays, alongside increasing network speeds, many of these tasks have become very complex. In order to capture only the useful packets, these applications need to evaluate a large set of expressions. In this paper, we present a platform-independent filter and pattern matcher optimization algorithm, which reduces the number of expressions that must be evaluated. The performance of the algorithm is validated both analytically and by means of a high-speed monitoring system.

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Coppens, J., De Smet, S., Van den Berghe, S., De Turck, F., Demeester, P. (2004). Performance Evaluation of a Probabilistic Packet Filter Optimization Algorithm for High-Speed Network Monitoring. In: Mammeri, Z., Lorenz, P. (eds) High Speed Networks and Multimedia Communications. HSNMC 2004. Lecture Notes in Computer Science, vol 3079. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25969-5_11

  • DOI: https://doi.org/10.1007/978-3-540-25969-5_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22262-0

  • Online ISBN: 978-3-540-25969-5

  • eBook Packages: Springer Book Archive
