An integrated solution for policy filtering and traffic anomaly detection

Zhijun Wang, Hao Che, Jiannong Cao

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review


In this paper, we propose a Ternary Content Addressable Memory (TCAM) coprocessor based solution for high speed, integrated policy filtering and TCP flow anomaly detection. In the proposed solution, the TCP flow anomaly is detected through two dimensional (2D) matching. The key features of the solution include: (1) setting flag bits in TCAM action code to support various packet treatments; (2) managing TCP flow state in pair to do 2D matching. The solution's ability for detecting TCP-based flooding attacks based on real-world-trace simulations are conducted. The results show that the proposed solution can match up OC-192 line rate while doing the integrated tasks.
Original languageEnglish
Title of host publicationAutonomic and Trusted Computing - 5th International Conference, ATC 2008, Proceedings
Number of pages15
Publication statusPublished - 4 Aug 2008
Event5th International Conference on Autonomic and Trusted Computing, ATC 2008 - Oslo, Norway
Duration: 23 Jun 200825 Jun 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5060 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference5th International Conference on Autonomic and Trusted Computing, ATC 2008

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this