Hardware-based multi-match packet classification in NIDS: an overview and novel extensions for improving the energy efficiency of TCAM-based classifiers

The Journal of Supercomputing

Abstract

Network intrusion detection systems (NIDS) require all matching header rules to be reported, which is termed multi-match packet classification. Ternary content-addressable memories (TCAMs) are the preferred choice for performing hardware-based multi-match packet classification in speed-critical applications. However, TCAMs cannot deliver multi-match results directly because of their built-in priority encoder. Prior research has focused on this drawback and come up with solutions for yielding multi-match results from TCAMs. However, prior works have not laid enough emphasis on exploiting the structural properties of real-world NIDS header rule databases for optimizing the key TCAM parameters. In the first part of this work, the existing designs in the literature are classified based on the design approach, and the performance of all the designs is summarized with respect to crucial performance metrics. In the second part, a rule entry compression mechanism based on layered encoding is proposed, which can yield a reduced TCAM entry size. The proposed compression approach makes use of the structural properties present in real-world Snort header rule databases. Assuming commercially available TCAM configurations, the proposed compression reduced the overall TCAM bits required for accommodating the classifier by \(50\%\). Simulation results showed that, by integrating the existing TCAM-based multi-match designs with the proposed compression, the improvements in TCAM energy and delay per packet ranged between \(46.23{-}35.16\%\) and \(29.04{-}1.64\%\), respectively, when tested on the latest real-world Snort databases.
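The priority-encoder limitation named in the abstract can be seen in a small software model; this is an added example, not code from the paper. The rule set, the 24-bit key layout and all function names are constructed for illustration, and the re-lookup loop is a naive workaround assumed here, not one of the surveyed designs.

```python
# Added illustration: software model of a TCAM lookup (not the paper's design).
# Search key = protocol (8 bits) || destination port (16 bits).
from typing import List, Optional, Tuple

Entry = Tuple[int, int]  # (value, mask); mask bit 1 = "care", 0 = wildcard


def entry(proto: Optional[int], dport: Optional[int]) -> Entry:
    """Build a ternary entry; None wildcards the whole field."""
    value = mask = 0
    for field, width in ((proto, 8), (dport, 16)):
        value <<= width
        mask <<= width
        if field is not None:
            value |= field
            mask |= (1 << width) - 1
    return value, mask


def match_lines(table: List[Entry], key: int, enabled=None) -> List[bool]:
    """All entries are compared in parallel; one match line per entry."""
    return [(enabled is None or i in enabled) and (key & m) == v
            for i, (v, m) in enumerate(table)]


def priority_encode(lines: List[bool]) -> Optional[int]:
    """The TCAM output stage: only the lowest matching index is reported."""
    return lines.index(True) if True in lines else None


def all_matches_by_relookup(table: List[Entry], key: int):
    """Hypothetical naive workaround: disable each hit and search again."""
    enabled, hits, lookups = set(range(len(table))), [], 0
    while True:
        lookups += 1
        hit = priority_encode(match_lines(table, key, enabled))
        if hit is None:
            return hits, lookups
        hits.append(hit)
        enabled.discard(hit)


# Constructed header rules in the style of Snort rule headers (sample data).
RULES = [entry(6, 80),       # 0: tcp, dst port 80
         entry(6, None),     # 1: tcp, any port
         entry(17, 53),      # 2: udp, dst port 53
         entry(None, None)]  # 3: any protocol, any port
KEY = (6 << 16) | 80         # packet: tcp to port 80
```

For the sample packet the priority encoder reports only rule 0, while rules 0, 1 and 3 all match; recovering them with the naive loop costs one full TCAM search per match plus a final miss.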

Acknowledgements

The work is supported by the Ministry of Electronics and Information Technology, Govt. of India, under Visvesvaraya Ph.D scheme, Grant Number: VISPHD-MEITY-873.

Author information

Corresponding author

Correspondence to Vegesna S. M. Srinivasavarma.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

About this article

Cite this article

Srinivasavarma, V.S.M., Pydi, S.R. & Mahammad, S.N. Hardware-based multi-match packet classification in NIDS: an overview and novel extensions for improving the energy efficiency of TCAM-based classifiers. J Supercomput 78, 13086–13121 (2022). https://doi.org/10.1007/s11227-022-04377-8

  • DOI: https://doi.org/10.1007/s11227-022-04377-8
