An index-split Bloom filter for deep packet inspection
Author: HUANG Kun and ZHANG DaFang
Publisher: SCIENCE CHINA Information Sciences, 2011
Presenter: Jo-Ning Yu
Date: 2011/10/12

Outline
Key idea
Index-split Bloom filter
Lazy deletion algorithm
Vacant insertion algorithm
Evaluation

Key idea
Index-split Bloom filter
Query example

Lazy deletion algorithm
When an item is deleted, the ISBF needs to adjust the indexes of other off-chip items and reconstruct all on-chip CBFs. This leads to high deletion overhead and gives no support for dynamically changing items.
An on-chip deletion bitmap is used to record the states of all off-chip items.
When an item x is deleted, the state of x in the deletion bitmap is set to 1 and, at the same time, x is deleted from each group of on-chip parallel CBFs; the indexes of the other off-chip items behind x are not adjusted.

Vacant insertion algorithm
The on-chip deletion bitmap records the states of all off-chip items; the states of vacant locations are ones.
When an item x is inserted, one of the vacant locations is randomly selected from the deletion bitmap for the insertion, and its state is reset to 0.
The index of the vacant location is allocated as the logical index of x. The number of ones before the state of x in the deletion bitmap is counted to compute the physical address of x, and x is then inserted at that physical address in off-chip memory, while the indexes of the other off-chip items behind x are kept unchanged.
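
The lazy deletion and vacant insertion steps described above, as an added Python example (not code from the paper or the slides). Assumptions: the class name `OffChipTable` is hypothetical, the `index` dict stands in for the logical index that a query of the on-chip CBF groups would return, off-chip memory is kept compacted, and the physical address is taken to be the logical index minus the number of ones before it in the deletion bitmap.

```python
import random

class OffChipTable:
    """Deletion bitmap plus off-chip item array; on-chip CBFs are not modelled."""

    def __init__(self, items, capacity):
        # bitmap[i] == 1 marks logical index i as vacant (deleted or unused).
        self.bitmap = [1] * capacity
        self.mem = []        # off-chip memory: live items only, in index order
        self.index = {}      # item -> logical index (stand-in for the CBF query)
        for i, item in enumerate(items):
            self.bitmap[i] = 0
            self.mem.append(item)
            self.index[item] = i

    def physical(self, logical):
        # Assumed formula: skip the vacant locations that precede this index.
        return logical - sum(self.bitmap[:logical])

    def lookup(self, item):
        logical = self.index.get(item)
        if logical is None or self.bitmap[logical]:
            return None
        return self.mem[self.physical(logical)]

    def delete(self, item):
        # Lazy deletion: set the item's state to 1 and drop it from off-chip
        # memory; the logical indexes of the items behind it are not rewritten.
        logical = self.index.pop(item)
        del self.mem[self.physical(logical)]
        self.bitmap[logical] = 1

    def insert(self, item, rng=random):
        # Vacant insertion: pick a random vacant location, reset its state to 0,
        # and place the item at the physical address derived from the bitmap.
        vacant = [i for i, bit in enumerate(self.bitmap) if bit]
        if not vacant:
            raise MemoryError("no vacant location in the deletion bitmap")
        logical = rng.choice(vacant)
        self.bitmap[logical] = 0
        self.mem.insert(self.physical(logical), item)
        self.index[item] = logical
        return logical
```

With constructed items `a, b, c, d` and a capacity of 6, deleting `b` leaves `c` at logical index 2 but moves its physical address to 1, and a later insert reuses one of the vacant locations 1, 4 or 5 without changing any existing logical index.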

Evaluation
K = 6
When n = 10000 and b = 7, the false positive off-chip memory accesses are minimized.
When n = 1000–4000 and b = 6, the false positive off-chip memory accesses are nearly minimized.

Evaluation – synthetic rule set

Evaluation – real rule set
Snort 2.7: 4077 signature strings
Rule-1: 956; Rule-2: 1170; Rule-3: 945; Rule-4: 1006