1 / 17

An index-split Bloom filter for deep packet inspection

An index-split Bloom filter for deep packet inspection. Author : HUANG Kun and ZHANG DaFang Publisher : SCIENCE CHINA Information Sciences 2011 Presenter : Jo- Ning Yu Date : 2011/10/12. Key idea Index-split Bloom filter Lazy deletion algorithm Vacant insertion algorithm Evaluation.

oswald
Download Presentation

An index-split Bloom filter for deep packet inspection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An index-split Bloom filter for deep packet inspection Author : HUANG Kun and ZHANG DaFang Publisher : SCIENCE CHINA Information Sciences 2011 Presenter : Jo-Ning Yu Date : 2011/10/12

  2. Key idea Index-split Bloom filter Lazy deletion algorithm Vacant insertion algorithm Evaluation Outline

  3. Key idea

  4. Index-split Bloom filter

  5. Query example

  6. When an item is deleted, the ISBF needs to adjust indexes of other off-chip items and reconstruct all on-chip CBFs, which leads to high deletion overhead, without support for dynamically changed items. An on-chipdeletion bitmap is exploited to record states of all off-chip items. When an item x is deleted, the state of x in the deletion bitmap is set at 1, and at the same time x is deleted from each group of on-chip parallel CBFs, while not adjusting indexes of other off-chip items behind x. Lazy deletion algorithm

  7. Lazy deletion algorithm

  8. Lazy deletion algorithm

  9. The on-chip deletion bitmap is exploited to record states of all off-chip items, and states of vacant locations are ones. When an item x is inserted, one of vacant locations is randomly selected from the deletion bitmap for an insertion, and its state is reset at 0. The index of the vacant location is allocated to the logical index of x. The number of ones before the state of x in the deletion bitmap is counted to compute the physical address of x, and thus x is inserted into the physical address in off-chip memory, while keeping indexes of other off-chip items behind x invariable. Vacant insertion algorithm

  10. Vacant insertion algorithm

  11. Vacant insertion algorithm

  12. K = 6 When n=10000 and b=7, the false positive off-chip memory accesses is minimized. When n=1000–4000 and b=6, the false positive off-chip memory accesses is nearly minimized. Evaluation

  13. Evaluation – synthetic rule set

  14. Evaluation – synthetic rule set

  15. Evaluation – synthetic rule set

  16. Snort 2.7 4077 signature strings Rule-1 : 956; Rule-2 : 1170; Rule-3 : 945; Rule-4 : 1006 Evaluation – real rule set

  17. Evaluation

More Related