Summary: | Master's === National Taiwan University === Graduate Institute of Electrical Engineering === 95 === Packet classification is an important part of many Internet security applications, such as firewalls and intrusion detection. A packet classifier uses packet header information to decide whether a packet matches any rule in a rule database. Many algorithms exist in this research area. However, many of them have the drawback of requiring a large amount of memory in general, consuming only a small amount of memory under particular conditions, such as with certain kinds of rule databases or under several restrictions. When the contents of the rule database change, the memory requirement may become unaffordable, even if the number of rules remains the same. If those packet classifiers are to be implemented in hardware, they may not be acceptable because of their memory requirement and the limited amount of memory available in hardware. To overcome this problem, we propose a packet classification architecture called Probable Bit Vector (PBV), which combines the concepts of aggregated and folded bit vectors, rule rearrangement, the Split IP Index Table data structure, and FPGA hardware circuits. With this architecture, we can guarantee that in any case the maximum memory requirement will not exceed a relatively small number, and experiments with synthetically generated rule databases have shown that the average performance is still acceptable.
|