In this paper, we propose a Ternary Content Addressable Memory (TCAM) coprocessor based solution for high speed, integrated policy filtering and TCP flow anomaly detection. In the proposed solution, the TCP flow anomaly is detected through two dimensional (2D) matching. The key features of the solution include: (1) setting flag bits in TCAM action code to support various packet treatments; (2) managing TCP flow state in pair to do 2D matching. The solution's ability for detecting TCP-based flooding attacks based on real-world-trace simulations are conducted. The results show that the proposed solution can match up OC-192 line rate while doing the integrated tasks.
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||5th International Conference on Autonomic and Trusted Computing, ATC 2008|
|Period||23/06/08 → 25/06/08|
- Theoretical Computer Science
- Computer Science(all)