| Summary: | 碩士 === 國立交通大學 === 資訊科學與工程研究所 === 105 === Packet classification plays an important role in network security. Routers, firewalls and intrusion detection systems classify incoming packets into different flows according to predefined rules, which are also called packet filters, to implement security functions. If two or more filters overlap, a conflict may occur and lead to ambiguity in packet classification. Packet classification has attracted a lot of attention due to its importance. However, few studies have been done on conflict detection. In the literature, most conflict detection algorithms were designed based on central processing unit (CPU). Graphical processing unit (GPU), which has parallel processing power superior to that of CPU, is a considerable candidate to provide high detection speed. In this paper, we propose a parallel conflict detection algorithm using GPU. By analyzing the critical steps in conflict detection and the workload of each step, our proposed algorithm can reduce the number of comparisons for each filter and balance workload between GPU threads, resulting in significant performance improvement. Experimental results show that for a filter database with 30,000 filters, the detection speed of our proposed algorithm is 4 to 9.8 times higher than that of the algorithm using CPU.
|
|---|
