Abstract
The demand for on-line analyzing of internet traffic for both security and QoS consideration directly increases as a function of using diverse applications and as malicious attacks increase. This paper presents a new fast parallel packet classification algorithm based on entropy hashing. The algorithm uses a one-level hashing data structure and enables partitioning a very large rules-set into smaller uniformly distributed sub-rules look-up tables based on maximum entropy and Most Significant Bit (MSB) pattern hash keys. This minimizes the classifier searches only to the relevant appropriate look-up table using the same hash key, and therefore significantly shortens the classification process. A further speed-up factor is achieved by parallelizing the classification algorithm using Nvidia Graphics Processing Unit (GPU). The proposed algorithm is applied to both ACL and FW applications using common synthetic rules-sets of size up to 500k rules. The simulation results show that the proposed algorithm outperforms existing classifiers in terms of both speed up and memory utilization. The required memory size is significantly reduced, and a classification speed-up factor of up to 200 is demonstrated compared to a similar serial approach.
| Original language | English |
|---|---|
| Article number | 9078110 |
| Pages (from-to) | 80610-80623 |
| Number of pages | 14 |
| Journal | IEEE Access |
| Volume | 8 |
| DOIs | |
| State | Published - 1 Jan 2020 |
Keywords
- GPU
- Packet classification
- entropy
- hashing
- information gain
- parallelism
ASJC Scopus subject areas
- Computer Science (all)
- Materials Science (all)
- Engineering (all)