Cart (Loading....) | Create Account
Close category search window
 

Binary-tree-based high speed packet classification system on FPGA

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Jingjiao Li ; Coll. of Inf. Sci. & Eng., Northeastern Univ., Shenyang, China ; Yong Chen ; Cholman Ho ; Zhenlin Lu

In the network intrusion detection system (NIDS), there is a limitation on the speed of software-based packet classification because of the processor performance, the serial program execution and so on. It has become a great challenge to develop scalable solutions for next-generation packet classification that support higher throughput, larger rule sets and more packet header fields. For low-cost high performance embedded networking applications, the best solution could be doing packet classification by special designed hardware, which can effectively release the burden of system CPU. In order to improve the speed of packet classification, exhibit good memory performance and support quick rule update, a high-speed packet classification system based on FPGA is proposed in this paper. Taking advantage of parallel processing, pipeline and hardware circuit, the throughput has been improved greatly; defining the size of the tree nodes to be binary tree, the memory usage can be more efficient. The binary tree structure is generated through pre-processing on computer, which does not influence the searching speed of FPGA. During the packet header division, the division field is dynamic and selected according to the rules. The experimental results show that the pre-processing time for 50000 rules is shorter than 0.051s, the average speed of rule-header classification for Snort IDS is higher than 10 Gbps.

Published in:

Information Networking (ICOIN), 2013 International Conference on

Date of Conference:

28-30 Jan. 2013

Need Help?


IEEE Advancing Technology for Humanity About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2014 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.