Scalable packet classification through rulebase partitioning using the maximum entropy hashing

Lynn Choi, Hyogon Kim, Sunil Kim, Moon Hae Kim

Research output: Contribution to journal › Article

13 Citations (Scopus)

Abstract

In this paper, we introduce a new packet classification algorithm, which can substantially improve the performance of a classifier. The algorithm is built on the observation that a given packet matches only a few rules even in large classifiers, which suggests that most of the rules are independent in any given rulebase. The algorithm hierarchically partitions the rulebase into smaller independent subrulebases based on hashing. By using the same hash key used in the partitioning, a classifier only needs to look up the relevant subrulebase to which an incoming packet belongs. For an optimal partitioning of rulebases, we apply the notion of maximum entropy to the hash key selection. We performed detailed simulations of our proposed algorithm on synthetic rulebases of size 1 K to 500 K entries using real-life packet traces. The results show that the algorithm can significantly outperform existing classifiers by reducing the size of a rulebase by more than four orders of magnitude with just two levels of partitioning. Both the time complexity and the space complexity of the algorithm exhibit linearity in terms of the size of a rulebase. This suggests that the algorithm can be a good scalable solution for medium to large rulebases.

Original language: English
Article number: 5238551
Pages (from-to): 1926-1935
Number of pages: 10
Journal: IEEE/ACM Transactions on Networking
Volume: 17
Issue number: 6
DOIs: 10.1109/TNET.2009.2018618
Publication status: Published - 2009 Dec 1

Fingerprint

Entropy
Classifiers

Keywords

  • Computer networks
  • Firewalls
  • Network performance
  • Packet classification

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Software
  • Computer Science Applications
  • Computer Networks and Communications

Cite this

Scalable packet classification through rulebase partitioning using the maximum entropy hashing. / Choi, Lynn; Kim, Hyogon; Kim, Sunil; Kim, Moon Hae.

In: IEEE/ACM Transactions on Networking, Vol. 17, No. 6, 5238551, 01.12.2009, p. 1926-1935.


@article{d2506282c4744265a310be3b9bb40e53,
title = "Scalable packet classification through rulebase partitioning using the maximum entropy hashing",
abstract = "In this paper, we introduce a new packet classification algorithm, which can substantially improve the performance of a classifier. The algorithm is built on the observation that a given packet matches only a few rules even in large classifiers, which suggests that most of rules are independent in any given rulebase. The algorithm hierarchically partitions the rulebase into smaller independent subrulebases based on hashing. By using the same hash key used in the partitioning a classifier only needs to look up the relevant subrulebase to which an incoming packet belongs. For an optimal partitioning of rulebases, we apply the notion of maximum entropy to the hash key selection. We performed the detailed simulations of our proposed algorithm on synthetic rulebases of size 1 K to 500 K entries using real-life packet traces. The results show that the algorithm can significantly outperform existing classifiers by reducing the size of a rulebase by more than four orders of magnitude with just two-levels of partitioning. Both the time complexity and the space complexity of the algorithm exhibit linearity in terms of the size of a rulebase. This suggests that the algorithm can be a good scalable solution for medium to large rulebases.",
keywords = "Computer networks, Firewalls, Network performance, Packet classification",
author = "Lynn Choi and Hyogon Kim and Sunil Kim and Kim, {Moon Hae}",
year = "2009",
month = "12",
day = "1",
doi = "10.1109/TNET.2009.2018618",
language = "English",
volume = "17",
pages = "1926--1935",
journal = "IEEE/ACM Transactions on Networking",
issn = "1063-6692",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "6",

}

TY - JOUR

T1 - Scalable packet classification through rulebase partitioning using the maximum entropy hashing

AU - Choi, Lynn

AU - Kim, Hyogon

AU - Kim, Sunil

AU - Kim, Moon Hae

PY - 2009/12/1

Y1 - 2009/12/1

N2 - In this paper, we introduce a new packet classification algorithm, which can substantially improve the performance of a classifier. The algorithm is built on the observation that a given packet matches only a few rules even in large classifiers, which suggests that most of rules are independent in any given rulebase. The algorithm hierarchically partitions the rulebase into smaller independent subrulebases based on hashing. By using the same hash key used in the partitioning a classifier only needs to look up the relevant subrulebase to which an incoming packet belongs. For an optimal partitioning of rulebases, we apply the notion of maximum entropy to the hash key selection. We performed the detailed simulations of our proposed algorithm on synthetic rulebases of size 1 K to 500 K entries using real-life packet traces. The results show that the algorithm can significantly outperform existing classifiers by reducing the size of a rulebase by more than four orders of magnitude with just two-levels of partitioning. Both the time complexity and the space complexity of the algorithm exhibit linearity in terms of the size of a rulebase. This suggests that the algorithm can be a good scalable solution for medium to large rulebases.


KW - Computer networks

KW - Firewalls

KW - Network performance

KW - Packet classification

UR - http://www.scopus.com/inward/record.url?scp=72449130427&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=72449130427&partnerID=8YFLogxK

U2 - 10.1109/TNET.2009.2018618

DO - 10.1109/TNET.2009.2018618

M3 - Article

AN - SCOPUS:72449130427

VL - 17

SP - 1926

EP - 1935

JO - IEEE/ACM Transactions on Networking

JF - IEEE/ACM Transactions on Networking

SN - 1063-6692

IS - 6

M1 - 5238551

ER -