
Filter for network intrusion and virus detection

A filter and network intrusion technology, applied in the field of network processing, that addresses the lack of generalized reconfigurable architectures for accelerating string matching in packet inspection for network applications such as intrusion detection/prevention and virus detection, and the difficulty or impossibility of implementing such a design on state-of-the-art processors.

Inactive Publication Date: 2010-07-01
TAHOE RES LTD
10 Cites | 23 Cited by

AI Technical Summary

Problems solved by technology

Matching every byte of an incoming data stream against a large database of patterns (e.g. up to hundreds of thousands) is very compute-intensive.
Designing a filter for a specific problem may be tedious, and at high data rates it is difficult or impossible for state-of-the-art processors to implement the design at rates even close to line rate.
To date, more generalized reconfigurable architectures to accelerate string matching in packet inspection for network applications such as intrusion detection/prevention and virus detection have not been fully explored.


Examples


Embodiment Construction

[0012] Methods and apparatus to perform string matching for network packet inspection are disclosed below. In some embodiments, a filter apparatus may be configured as a set of string matching slice circuits, each slice circuit of the set being configured to perform string matching steps in parallel with other slice circuits. Each slice circuit may include an input window storing some number of bytes of data from an input data stream. The input window of data may be padded if necessary, and may be multiplied by a distinct Galois-field polynomial modulo an irreducible Galois-field polynomial to generate a hash index. A storage location of a memory slice corresponding to the hash index may be accessed to generate a slice-hit signal of a plurality of slice-hit signals. The slice-hit signal may be provided to an AND-OR logic array where the plurality of slice-hit signals is logically combined into a match result.

[0013] Embodiments of such methods and apparatus represent reconfigurable arch...


Abstract

Methods and apparatus to perform string matching for network packet inspection are disclosed. In some embodiments there is a set of string matching slice circuits, each slice circuit of the set being configured to perform string matching steps in parallel with other slice circuits. Each slice circuit may include an input window storing some number of bytes of data from an input data stream. The input window of data may be padded if necessary, and then multiplied by a polynomial modulo an irreducible Galois-field polynomial to generate a hash index. A storage location of a memory corresponding to the hash index may be accessed to generate a slice-hit signal of a set of H slice-hit signals. The slice-hit signal may be provided to an AND-OR logic array where the set of H slice-hit signals is logically combined into a match result.
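The slice pipeline described in paragraph [0012] and in the Abstract, modelled in software as an added example (this is not code from the patent). The 16-bit irreducible polynomial, the truncation of the remainder to a 14-bit index, the multiplier constants, the 8-byte window and the grouping of slices by pattern length in the AND-OR stage are assumptions; the signatures and traffic are constructed.

```python
IRRED = 0x1100B   # x^16 + x^12 + x^3 + x + 1, irreducible over GF(2)
ADDR_BITS = 14    # assumption: index = low 14 bits of the 16-bit remainder
WINDOW = 8        # assumption: window width in bytes
MULTS = [0x1D0F, 0x8005, 0xA001, 0x3D65]  # arbitrary distinct multipliers

def gf_mulmod(a, b, poly=IRRED):
    """Carry-less multiply a*b over GF(2), reduced modulo poly."""
    deg, prod = poly.bit_length() - 1, 0
    while b:
        if b & 1:
            prod ^= a
        a, b = a << 1, b >> 1
    for shift in range(prod.bit_length() - 1 - deg, -1, -1):
        if (prod >> (shift + deg)) & 1:   # cancel the leading term
            prod ^= poly << shift
    return prod

class Slice:
    """One slice: pad the window, hash it, read one bit of its own memory."""
    def __init__(self, mult):
        self.mult = mult
        self.mem = bytearray(1 << ADDR_BITS)   # one byte models one memory bit

    def index(self, chunk):
        value = int.from_bytes(chunk.ljust(WINDOW, b"\x00"), "big")
        return gf_mulmod(value, self.mult) & ((1 << ADDR_BITS) - 1)

def build_filter(patterns, hashes=2):
    """Assumed AND-OR layout: one group of slices per pattern length."""
    mults = iter(MULTS)
    groups = {n: [Slice(next(mults)) for _ in range(hashes)]
              for n in sorted({len(p) for p in patterns})}
    for p in patterns:
        for s in groups[len(p)]:
            s.mem[s.index(p)] = 1              # program the slice memory
    return groups

def scan(groups, data):
    """Return (offset, length) candidates: AND within a group, OR across."""
    hits = []
    for off in range(len(data)):
        for n, slices in groups.items():
            chunk = data[off:off + n]
            if len(chunk) == n and all(s.mem[s.index(chunk)] for s in slices):
                hits.append((off, n))
    return hits

# Constructed signatures and traffic, for illustration only.
FILTER = build_filter([b"cmd.exe", b"EICAR-ST"])
print(scan(FILTER, b"GET /a?x=cmd.exe HTTP/1.1"))
```

Each reported offset is a candidate only: a hashed filter of this kind never misses a programmed pattern but can report a window that merely collides with one, so a hit is normally confirmed by an exact comparison.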

Description

FIELD OF THE DISCLOSURE

[0001] This disclosure relates generally to the field of network processing. In particular, the disclosure relates to a novel filter architecture to accelerate string matching in packet inspection for network applications such as intrusion detection/prevention and virus detection.

BACKGROUND OF THE DISCLOSURE

[0002] In modern networks, applications such as intrusion detection/prevention and virus detection are important for protecting the networks and/or network users from attacks. In such applications network packets are often inspected to identify problematic packets by finding matches to a known set of data patterns. Matching every byte of an incoming data stream against a large database of patterns (e.g. up to hundreds of thousands) is very compute-intensive. Programs have used techniques such as finite-state machines and filters to find matches to known sets.

[0003] A Bloom filter, conceived by Burton H. Bloom in 1970, is a probabilistic structure for determinin...


Application Information

IPC(8): G06F17/10
CPC: G06F7/02, G06F21/567, G06F2207/025, G06F16/90344, H04L63/1416, H04L63/145, G06F16/9014, H04L63/0245
Inventors: GOPAL, VINODH; CLARK, CHRISTOPHER F.; WOLRICH, GILBERT; FEGHALI, WAJDI
Owner TAHOE RES LTD