A Multi-gigabit Virus Detection Algorithm Using Ternary CAM
During the last few years, the number of Internet worms and viruses has increased significantly. For fast detection of Internet worms and viruses, a network intrusion detection system (NIDS) needs a signature-based scheme using TCAM. However, because TCAM size is limited, not all worm and virus signatures can be stored. Hence, we propose a two-phase content inspection algorithm that can support a large number of long signatures in TCAM. Simulation results show that our algorithm for TCAM provides fast virus detection at a line rate of 10 Gbps (OC192).
Keywords: Deep packet inspection, content inspection, pattern matching, TCAM, network security