Abstract
In network security applications such as network intrusion detection, string matching is used to scan packets for malicious content. Bloom filters have drawn great attention because they provide constant lookup times at the cost of a small rate of false positives. A faulty Bloom filter, however, can no longer guarantee the absence of false negatives. In this paper, we present a property-based technique for tolerating faults in Bloom filters for deep packet inspection. It employs a single spare hashing unit in each Bloom filter to detect and eliminate false negatives until the spare itself is faulty. The design is simple to implement in hardware. Moreover, the process for eliminating false negatives can be carried out without reducing the system throughput.
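The failure mode the abstract describes, as an added example that is not code from the paper: a hashing unit that fails after the signatures were programmed turns every stored signature into a false negative. The fault model (a unit whose output address is stuck), the filter size, the SHA-256 stand-in for a hardware hash and the sample signatures are all assumptions; the paper's spare-unit technique is not reproduced here.

```python
import hashlib

M = 1024   # bits in the filter vector (constructed size)
K = 4      # number of hashing units

def unit_hash(unit, data):
    """Address produced by hashing unit `unit` (SHA-256 stands in for a hardware hash)."""
    digest = hashlib.sha256(bytes([unit]) + data).digest()
    return int.from_bytes(digest[:4], "big") % M

class BloomFilter:
    def __init__(self):
        self.bits = [0] * M
        self.stuck = {}   # assumed fault model: unit -> address its output is stuck at

    def _addr(self, unit, data):
        # A faulty unit ignores its input and always emits the stuck address.
        return self.stuck.get(unit, unit_hash(unit, data))

    def program(self, data):
        for u in range(K):
            self.bits[self._addr(u, data)] = 1

    def lookup(self, data):
        # A match requires every hashing unit to read a 1.
        return all(self.bits[self._addr(u, data)] for u in range(K))

def demo():
    # Constructed sample signatures, not taken from any rule set.
    signatures = [b"sig-alpha", b"sig-bravo", b"sig-charlie", b"sig-delta"]
    bf = BloomFilter()
    for s in signatures:
        bf.program(s)
    healthy = [bf.lookup(s) for s in signatures]
    # Fault appears after programming: unit 2 sticks at an address whose bit is 0.
    bf.stuck[2] = bf.bits.index(0)
    faulty = [bf.lookup(s) for s in signatures]
    return healthy, faulty

if __name__ == "__main__":
    healthy, faulty = demo()
    print("healthy filter matches:", healthy)
    print("faulty filter matches :", faulty)
```

In an inspection pipeline a false positive only costs an extra exact-match check, whereas a false negative lets a packet containing a programmed signature pass unflagged.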
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choi, YH., Lee, MH. (2007). A Property-Based Technique for Tolerating Faults in Bloom Filters for Deep Packet Inspection. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds) Autonomic and Trusted Computing. ATC 2007. Lecture Notes in Computer Science, vol 4610. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73547-2_55
DOI: https://doi.org/10.1007/978-3-540-73547-2_55
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73546-5
Online ISBN: 978-3-540-73547-2
eBook Packages: Computer Science, Computer Science (R0)