Embed Size (px)
DESCRIPTION
An index-split Bloom filter for deep packet inspection. Author : HUANG Kun and ZHANG DaFang Publisher : SCIENCE CHINA Information Sciences 2011 Presenter : Jo- Ning Yu Date : 2011/10/12. Key idea Index-split Bloom filter Lazy deletion algorithm Vacant insertion algorithm Evaluation. - PowerPoint PPT Presentation
Citation preview
Author : HUANG Kun and ZHANG DaFangAuthor : HUANG Kun and ZHANG DaFang
Publisher : SCIENCE CHINA Information Sciences Publisher : SCIENCE CHINA Information Sciences 20112011
Presenter : Jo-Ning YuPresenter : Jo-Ning Yu
Date : 2011/10/12Date : 2011/10/12
Key idea
Index-split Bloom filter
Lazy deletion algorithm
Vacant insertion algorithm
Evaluation
Outline
2
Key idea
3
Index-split Bloom filter
4
Query example
5
When an item is deleted, the ISBF needs to adjust
indexes of other off-chip items and reconstruct all on-chip CBFs, which leads to high deletion overhead, without support for dynamically changed items.
An on-chip deletion bitmap is exploited to record states of all off-chip items.
When an item x is deleted, the state of x in the deletion bitmap is set at 1, and at the same time x is deleted from each group of on-chip parallel CBFs, while not adjusting indexes of other off-chip items behind x.
Lazy deletion algorithm
6
Lazy deletion algorithm
7
Lazy deletion algorithm
8
The on-chip deletion bitmap is exploited to record states of all off-chip items, and states of vacant locations are ones.
When an item x is inserted, one of vacant locations is randomly selected from the deletion bitmap for an insertion, and its state is reset at 0.
The index of the vacant location is allocated to the logical index of x. The number of ones before the state of x in the deletion bitmap is counted to compute the physical address of x, and thus x is inserted into the physical address in off-chip memory, while keeping indexes of other off-chip items behind x invariable.
Vacant insertion algorithm
9
10
Vacant insertion algorithm
11
Vacant insertion algorithm
K = 6 When n=10000 and b=7, the false positive off-chip memory
accesses is minimized. When n=1000–4000 and b=6, the false positive off-chip memory
accesses is nearly minimized.
Evaluation
12
Evaluation – synthetic rule set
13
14
Evaluation – synthetic rule set
15
Evaluation – synthetic rule set
Snort 2.7 4077 signature strings Rule-1 : 956; Rule-2 : 1170; Rule-3 : 945; Rule-4 : 1006
16
Evaluation – real rule set
Evaluation
17
![Inferential Time-Decaying Bloom Filtersravi/Papers/DBConf/bloom.pdf2.1 The Classical Bloom Filter The Classical Bloom Filter [3] represents the set fFg of all items inserted into the](https://img.pdfslide.us/doc/110x75/5ed22681ebf6187a1932a334/inferential-time-decaying-bloom-ravipapersdbconfbloompdf-21-the-classical-bloom.jpg)
