For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Packet Classification with Hierarchical Cross-Producting
Chun-Liang LEE Chia-Tai CHAN Pi-Chung WANG
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2010/05/01
Online ISSN: 1745-1361
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
packet classification, packet forwarding, firewalls, network intrusion detection systems,
Full Text: PDF(758.8KB)
>>Buy this Article
Packet classification has become one of the most important application techniques in network security since the last decade. The technique involves a traffic descriptor or user-defined criteria to categorize packets to a specific forwarding class which will be accessible for future security handling. To achieve fast packet classification, we propose a new scheme, Hierarchical Cross-Producting. This approach simplifies the classification procedure and decreases the distinct combinations of fields by hierarchically decomposing the multi-dimensional space based on the concept of telescopic search. Analogous to the use of telescopes with different powers**, a multiple-step process is used to search for targets. In our scheme, the multi-dimensional space is endowed with a hierarchical property which self-divides into several smaller subspaces, whereas the procedure of packet classification is translated into recursive searching for matching subspaces. The required storage of our scheme could be significantly reduced since the distinct field specifications of subspaces is manageable. The performance are evaluated based on both real and synthetic filter databases. The experimental results demonstrate the effectiveness and scalability of the proposed scheme.