Improved TCAM-Based Pre-Filtering for Network Intrusion Detection Systems

Chang, Yeim-Kuan; Tsai, Ming-Li; Su, Cheng-Chien

doi:10.1109/aina.2008.120

Cited by 4 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous studies (e.g., [4], [16]) have shown that constructing an appropriate filtration mechanism is a promising way to handle overhead packets. Motivated by this line of research, we developed a trust-based packet filter using Bayesian inference to help reduce a large number of network packets for a single NIDS [21], where the trust-based approach was proven to be better than a statistic-based method [20], [23].…”

Section: A Background Of Single Trust-based Packet Filtermentioning

confidence: 99%

“…Later, Chang et al [4] provided two techniques to improve the FNP-like TCAM searching engine (FTSE) in high-speed networks, which was a two-stage architecture in detecting whether an incoming string contains patterns. The first approach performs pattern matching with a w-byte suffix instead of a w-byte prefix; and the second approach leverages the matching results from all groups excluding the first group.…”

Section: B Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Towards Effective Trust-Based Packet Filtering in Collaborative Network Environments

Meng

Kwok

2017

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

 Users may download and print one copy of any publication from the public portal for the purpose of private study or research.  You may not further distribute the material or use it for any profit-making activity or commercial gain  You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

Section: A Background Of Single Trust-based Packet Filtermentioning

confidence: 99%

Section: B Related Workmentioning

confidence: 99%

Towards Effective Trust-Based Packet Filtering in Collaborative Network Environments

Meng

Kwok

2017

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…With technology scaling over the last 20 years, TCAM capacity has increased from 64Kb [57] to 9Mb [26], while typical array width has grown from 72 bits to 576 bits. Numerous networking applications have emerged to leverage the benefits of TCAM, including packet classification [29], access control list filtering [39], and network intrusion detection [11]. Table 1 shows a comparison among CMOS-based TCAM, SRAM, and DRAM chips.…”

Section: Associative Computing and Ternary Content Addressable Memoriesmentioning

confidence: 99%

A resistive TCAM accelerator for data-intensive computing

Guo

Bai

et al. 2011

Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture

View full text Add to dashboard Cite

Power dissipation and o↵-chip bandwidth restrictions are critical challenges that limit microprocessor performance. Ternary content addressable memories (TCAM) hold the potential to address both problems in the context of a wide range of data-intensive workloads that benefit from associative search capability. Power dissipation is reduced by eliminating instruction processing and data movement overheads present in a purely RAM based system. Bandwidth demand is lowered by processing data directly on the TCAM chip, thereby decreasing o↵-chip tra c. Unfortunately, CMOSbased TCAM implementations are severely power-and arealimited, which restricts the capacity of commercial products to a few megabytes, and confines their use to niche networking applications.This paper explores a novel resistive TCAM cell and array architecture that has the potential to scale TCAM capacity from megabytes to gigabytes. High-density resistive TCAM chips are organized into a DDR3-compatible DIMM, and are accessed through a software library with zero modifications to the processor or the motherboard. On applications that do not benefit from associative search, the TCAM DIMM is configured to provide ordinary RAM functionality. By tightly integrating TCAM with conventional virtual memory, and by allowing a large fraction of the physical address space to be made content-addressable on demand, the proposed memory system improves average performance by 4⇥ and average energy consumption by 10⇥ on a set of evaluated data-intensive applications.

show abstract

Resistive Memories in Associative Computing

Ïpek

Guo

et al. 2013

Emerging Memory Technologies

View full text Add to dashboard Cite

Improved TCAM-Based Pre-Filtering for Network Intrusion Detection Systems

Cited by 4 publications

References 7 publications

Towards Effective Trust-Based Packet Filtering in Collaborative Network Environments

Towards Effective Trust-Based Packet Filtering in Collaborative Network Environments

A resistive TCAM accelerator for data-intensive computing

Resistive Memories in Associative Computing

Contact Info

Product

Resources

About