International Journal on Recent and Innovation Trends in Computing and Communication ISSN: 2321-8169

Volume: 4 Issue: 7 169 - 173

____________________________________________________________________________________________________________________
Efficient binary cutting packet classification

Miss.Priti Rathi Prof. Ganesh Bandal

Department of Computer Engineering Department of Computer Engineering
G.H.Raisoni College of Engineering G.H.Raisoni College of Engineering
Ahmednagar,India Pune,India
E-mail: rathi.priti09@gmail.com E-mail:ganesh.bandal@raisoni.net

AbstractPacket classification is the process of distributing packets into flows in an internet router. Router processes all packets which
belong to predefined rule sets in similar manner& classify them to decide upon what all services packet should receive. It plays an important role
in both edge and core routers to provideadvanced network service such as quality of service, firewalls and intrusion detection. These services
require the ability to categorize & isolate packet traffic in different flows for proper processing. Packet classification remains a classical
problem, even though lots of researcher working on the problem. Existing algorithms such asHyperCuts,boundary cutting and HiCuts have
achieved an efficient performance by representing rules in geometrical method in a classifier and searching for a geometric subspace to which
each inputpacket belongs. Some fixed interval-based cutting not relating to the actual space that eachrule covers is ineffective and results in a
huge storage requirement. However, the memoryconsumption of these algorithms remains quite high when high throughput is required.Hence in
this paper we are proposing a new efficient splitting criterion which is memory andtime efficient as compared to other mentioned techniques.
Our proposed approach known as (ABC) Adaptive Binary Cuttingproducesa set of different-sized cuts at each decision step, with the goal to
balance the distribution offilters and to reduce the filter duplication effect. The proposed algorithmuses stronger andmore straightforward criteria
for decision treeconstruction. Experimental results will showthe effectiveness of proposed algorithm as compared to existing algorithm using
differentparameters such as time & memory. In this paper, no symmetrical size cut at each decision node, with aim to make a distribution of
filters balanced and also to reduce redundancy in filter.

Keywords HiCuts, HyperCuts, Boundary Cutting, Adaptive Binary Cutting, access control, firewalls, intrusion detection, policy based routing
and traffic engineering.
__________________________________________________*****_________________________________________________

I. INTRODUCTION As accepted by many, classification of packets broadly

Packet classification has been broadly concentrated on for
quite a while since there are number of network services such
as access control, firewalls, intrusion detection, policy based
routing and traffic engineering needs to be accelerated. For
each of these mentioned services, it is mandatory to identify
flow to which an arriving packet belongs to & based on that to
determine whether packet is to be forwarded or filtered. Again
if it is to be forwarded, where to forward it to & what all
services it should receive.
All this classification is done by packet classifier which
performs the task of maintaining rule sets & each flow obeys
at least one rule. Based on the packet header, rules classify the
flow to which packet belongs to. For example, a flow can be
identified by specific values of source and destination IP
addresses, and by particular transport port numbers. Also,
combination of destination prefix with port value ranges can
define the flow.
It is responsibility of packet classifier to compare different
header fields of the received packet with comparison of
already defined rules and returns the profile of most matching
rule with matching the packet header. One of the important
features of advance and basic routers is to provide
classification of packets. Even though there is lot of work done
on this topic, packet clustering remains an open and
challenging problem to many researchers. With this, system
nature of service (QoS), network security andsystem
virtualization are the enabling factors for bigger size packet
order including lakhs to many of filters in a single router.
IJRITCC | July 2016, Available @ http://www.ijritcc.org
_______________________________________________________________________________________
focused on very few areas, researchers are still looking for
new and optimized packet classification algorithms for
following reasons:
Continuouslyexpansion of network bandwidth.
Ever-increasing complexity of network applications
Technology innovations of network systems.
Number of packet classification algorithms have been
proposed as of late, the greater part of them stay in scientific
examination and/ software simulation stage, and few of them
have been actualized in business items as a non specific
arrangement. The gap between theory and practice in existing
work can be compressed by diverse examination inspirations.
Some algorithms which focuses on extensive mathematical
analysis are been proposed and some of them are accounted
for to have excellent temporal/spatial complexity. There have
been various Mathematics based solutions, Observation based
solutions & hardware based solutions. However, algorithms of
this kind can scarcely be found to have any execution in real-
life network devices. These algorithms often work well with
particular sort of principle sets. Be that as it may, on the
grounds that packet classification rules for different
applications have diverse highlights [22], couple of
calculations are sufficiently keen to completely exploit the
redundancy lying in different types of rule sets to get stable
execution under different conditions.
Packet classification is still an important problem and thereis
an incredible requirement for novel arrangements. The
difference between theory and practice motivates our research.
In is paper we are proposing an Adaptive Binary Cutting
169
International Journal on Recent and Innovation Trends in Computing and Communication
Volume: 4 Issue: 7
____________________________________________________________________________________________________________________
(ABC) algorithm which provides another degree of freedom to
create the decision tree & adopt the geometric distribution of
filters.In conjunction with an efficient node encoding scheme,
it enables a smaller, shorter, and well-balanced decision tree.
This improves searching time, memory efficient and can
support large rule set as well as gives considerable high
throughput.
II. LITERATURE SURVEY
Many authors hadmassivework in packet classification.
In [2] paper, author states that packet classification is the core
mechanism that have feature of other networking services on
the internet like filtering of firewall packet and accounting of
traffic with help of ternary content addressable memories
(TCAMS) to perform high-speed packet classification. Packets
are compared with other classification rules in constant time
by TCAMS. It has ternary encoding in parallel, even though
they have high speed, renowned problem of range expansion is
suffered by TCAMS. Number of rules keeps on increasing
with leaps and bounds becauseclassification rules consist of
fields specified as ranges, this are depicted as TCAM-
compatible rules. This is not a problem if TCAM have large
capacities. But due to lower capacity of TCAMS, and as
number of rules increases more power consumption which
results in more heat generation for TCAMS. More bad is that
rule list is increasing classifiers of packet as services deployed
on internet is increasing. In this paper, they consider the
following problem: even a classifier of packet is given, need to
create a newand symmetrically equivalent packet classifier
that requires the least number of TCAMS entries.Paper says
that a clear and step by step method, the TCAMS blade which
is optimized and practical in terms of effectiveness is
proposed.Total compression ration achieved by TCAMS razor
is 29.0%, this is much better as compared to papers which are
published previously which had most perfect result of 54%. In
terms of optimistic, TCAMS blade example execute in
another, even for bigger packet classifiers. Finally, in terms of
practicality, this TCAMS razor approach can be easily
deployed as it does not require any modification to existing
packet classification systems, unlike many previous range
encoding schemes.
In [3] paper, Author studies the existing methods to mitigate
the effect of range expansion and the limitations of small
capacity, large power consumption, and high heat generation
of ternary content addressable memory (TCAM)-based packet
classification systems. However, they all disregard the
semantics of classifiers and therefore miss significant
opportunities for space compression. This paper proposes new
approaches to range re-encoding by taking into account
classifier semantics. Fundamentally different from prior work,
they view re-encoding as a topological transformation process
from one colored hyper rectangle to another, where the color is
the decision associated with a given packet. Stated another
way, they re-encode the entire classifier by considering the
classifier's decisions rather than re-encode only ranges in the
classifier ignoring the classifier's decisions as prior work does.
It presents two orthogonal, yet compassable, re-encoding
approaches: domain compression and prefix alignment. These
techniques significantly outperform all previous re-encoding
techniques. In comparison to prior art, experimental results
IJRITCC | July 2016, Available @ http://www.ijritcc.org
_______________________________________________________________________________________
ISSN: 2321-8169
169 - 173
show that current techniques achieve at least five times more
space reduction in terms of TCAM space for an encoded
classifier and at least three times more space reduction in
terms of TCAM space for a re-encode classifier and its
transformers. This, in turn, leads to improved throughput and
decreased power consumption.
In [4] paper, Today's packet classification systems are
designed to provide the highest-priority matching result, such
as the longest prefix match, even if a packet matches multiple
classification rules. However, new network applications
demanding multimatch classification - that is, requiring all
matching results instead of only the highest-priority match -
are emerging. Ternary content-addressable memory is
becoming a common extension to network processors, and its
capability and speed make it attractive for high-speed
networks. The proposed TCAM-based scheme produces
multimatch classification results with about 10 times fewer
memory lookups than a pure software approach. In addition,
their scheme for removing negation in rule sets saves up to 95
percent of the TCAM space used by a straightforward
implementation.
In [5] paper, Author presentsnew network applications like
intrusion detection systems and packet-level accounting
require multimatch packet classification, where all matching
filters need to be reported. Ternary content addressable
memories (TCAMs) have been adopted to solve the
multimatch classification problem due to their ability to
perform fast parallel matching. However, TCAMs are
expensive and consume large amounts of power. None of the
previously published multimatch classification schemes are
both memory and power efficient. In this paper, develop a
novel scheme that meets both requirements by using a new set
splitting algorithm (SSA). The main idea behind SSA is that it
splits filters into multiple groups and performs separate
TCAM lookups into these groups. It guarantees the removal of
at least 1/2 the intersections when a filter set is split into two
sets, thus resulting in low TCAM memory usage. SSA also
accesses filters in the TCAM only once per packet, leading to
low-power consumption. Here they compare SSA with two
best known schemes: multimatch using discriminators (MUD)
(Lakshminarayanan and Rangarajan, 2005) and geometric
intersection-based solutions (Yu and Katz, 2004). Simulation
results based on the SNORT filter sets show that SSA uses
approximately the same amount of TCAM memory as MUD,
but yields a 75%-95% reduction in power consumption.
Compared with geometric intersection-based solutions, SSA
uses 90% less TCAM memory and power at the cost of one
additional TCAM lookup per packet. They also show that SSA
can be combined with SRAM/TCAM hybrid approaches to
further reduce energy consumption.
In [6] paper, using FPGA technology for real-time network
intrusion detection has gained many research efforts recently.
In this paper, a novel packet classification architecture called
BV-TCAM is presented, which is implemented for an FPGA-
based Network Intrusion Detection System (NIDS). The
classifier can report multiple matches at gigabit per second
network link rates. The BV-TCAM architecture combines the
170
International Journal on Recent and Innovation Trends in Computing and Communication ISSN: 2321-8169
Volume: 4 Issue: 7 169 - 173
____________________________________________________________________________________________________________________
Ternary Content Addressable Memory (TCAM) and the Bit
Vector (BV) algorithm to effectively compress the data
representations and boost throughput. A tree-bitmap
implementation of the BV algorithm is used for source and
destination port lookup while a TCAM performs the lookup of
the other header fields, which can be represented as a prefix or
exact value. The architecture eliminates the requirement for
prefix expansion of port ranges. With the aid of a small
embedded TCAM, packet classification can be implemented in
a relatively small part of the available logic of an FPGA. The
design is prototyped and evaluated in a Xilinx FPGA
XCV2000E on the FPX platform. Even with the most difficult
set of rules and packet inputs, the circuit is fast enough to Figure 2: System Architecture
sustain OC48 traffic throughput. Using larger and faster This algorithm discards the notion of the expansion factor.
FPGAs, the system can work at speeds greater than OC192. Since our cutting strategies adapt to the filterdistribution, each
III. BOUNDARY CUTTING APPROACH cut counts, and it does not negatively impact the storage
efficiency. Therefore,the ABC algorithm does not need such a
Study has analyzed the various decision tree base packet parameter. Given the tree node size, we canalways fully use
classification algorithms as decision tree algorithms naturally the capacity by making as many cuts as possible. So with the
enable the both highest priority match & multi match packet ABC algorithm we expect
classification. This process requires fair amount of To detect the accurate packet classification.
preprocessing involving complicated heuristics related to each To create the balanced decision tree for efficient
given rule set. The computation required for the pre- classification result.
processing consumes much memory and construction time,
To increase throughput.
making it harder for all arrangements which can be enhanced
To reduce the tree depth as well as filter duplication.
for a bigger rule list as we have space scarcity in forming the
decision trees. Over and above this, the slicing depends on
specified interval, so that it does not consider the actual Algorithm:Build Decision Tree
memory that each principal covers; so it is not effective.
Step 1: Initialize a single-node tree in which the root contains
all the filters;
Cutting in the Boundary Cutting algorithm is based on the
Step 2: Initialize a single-node tree in which the root contains
disjoint space covered by each rule. Hence, the packet
all the filters;
classification table using this approach is deterministically
Step 3: AND some current leaf nodes have > 3 filters){
built and does not require the complicated heuristics used by
Step 4: Let S3 = the set of leaf nodes have > 3 filters;
earlier decision tree algorithms. The boundary cutting of this
Step 5: Select v S3 which requires the longest time to search
algorithm is more effective than that of earlier algorithms
a filter in the worst case;
since it is based on rule boundaries rather than fixed intervals.
Step 6: Split node v to produce the CSTs and the new child DT
Thus, quantity of space required is reduced drastically.
nodes;
Second, although BC loses the indexing ability at internal
Step 7: }
nodes, the binary search at internal nodes provides good search
performance. Mathematical Model
Let S be the system which we use for packet classification
IV. ADAPTIVE BINARY CUTTING APPROACH
using boundary cutting. In this algorithm classification is
Adaptive Binary Cutting approach for efficient & effective based on building decision tree. The proposed algorithm finds
packet classification gives us different level of flexibility to out the space that each rule covers and performs the cutting
create decision tree also which are adaptive to the geometric according to the space boundary.
distribution of the filters. The threevariations of the adaptive
cutting procedure produce a set of different-sized cuts on
every point of decision, having driving factor to have
distribution of filtersbalanced and to lessen effect of filter
duplication. The proposed algorithm uses stronger and more
straightforward criteria for decisiontree construction.
Accompanying with efficient encoding technique in a node,
this makes it short &smallerand enough distributed decision
tree. Even if arrangement proposed by us lead in different-
sizedcuts, it splits the filters evenly and avoids any filter
duplication.

171
IJRITCC | July 2016, Available @ http://www.ijritcc.org
_______________________________________________________________________________________
International Journal on Recent and Innovation Trends in Computing and Communication ISSN: 2321-8169
Volume: 4 Issue: 7 169 - 173
____________________________________________________________________________________________________________________
S={P,R, DT, Sr, CP} B. Result Analysis
Where, 1) Time complexity Graph:
S= System
P = Packet
DT = Decision tree
Sr = Searching
Input: A rule set R = {r1, r2,...,rn}
Where r1, r2are the rules which we used for packet
classification.
2-D plane shows the areas that each rule covers in aprefix
plane for a given 2-D example rule set. As given, arule
with(i,j) lengths in F1andF2 fields covers the area of 2W-i * 2W-
j
, whereW is the maximum length of the field(W is 32 in IPv4).
Processes:
1. DT={R, F,binth} As shown in the above time complexity graph, x-axis
Where, represents the different methods for time calculation and y-
DT is decision tree set which contains following parameter. axis represents the time in milliseconds. Boundary cutting is
R is the rule set which we are going to use for building the existing method which takes 130 milliseconds where ABC
decision tree. algorithm takes only 30 milliseconds. Hence it proves that
F is the field set which contains f1, f2,...,fd fields. ABC is more time efficient.
Binth is the threshold value
If No of rules matching >binth for particular field 2) Memory Efficiency Graph
Then apply cut
Else
Current node = leaf node.
2. Sr = {P, F, R}
Where Sr is the searching set which contains,
P = {Source
ip,Destination_ip,source_port,Dest_port,protocol}
Where, P is the packet which contains source ip address,
destination ip address, source port no and destination port no.
F is the field set which contains all header fields.
R is rule set.
Packet Pmatches rule Rk, for k= 1,, N, if all the headerfields
Fd, for d= 1,,D, of the packet match the correspondingfields
in Rk, whereN is the number of rules andDis the number of
fields.
Output: CP = {P, R} As shown in the above graph, x-axis represents the different
Where, methods for memory consumption calculation and y-axis
CP is the classified set. represents the memory. Boundary cutting is the existing
Here P is the packet which is classified for the particular rule method which takes 32.5 where ABC which is our proposed
set R. algorithm takes only 16 which in turn show that ABC is more
This result is based on the searching result for matching rule. efficient and takes less energy for packet classification.

V. RESULT ANALYSIS IV. CONCLUSIONS AND FUTURE WORK

A. Data sets
Simulation is being done using java performed on rule sets
created for firewall. These rule sets are generated with sizes
100-1000. Performance of decision tree is majorly dependent
on rule lists, no. of rules with a wildcard in the prefix fields,
since prefix fields are mostly used for cutting because of the
variety of distinct values. These rule sets represents the source
ip address, destination ip address, port no. and action which
has to be taken on incoming/ outgoing packet. Here IP address
has been taken into consideration while making decision tree.
Compared to other types, FW type sets have a much higher
rate of wildcards in the prefix fields, especially in the
destination prefix field.
In this paper novel approach towards packet classification has
been defined based on decision tree. We have studied the
existing algorithms like HiCuts, HyperCuts, BV-CAM,
Hypersplit and DCFL to improve the results of ABC algorithm
and overcome drawbacks of these existing algorithms. This
approach ensures that all the DT nodes have same size & are
fully utilized. ABC algorithm precisely improves the storage
& throughput performance & is scalable to large filter sets.
Simple implementation along with efficient memory & time
use, keep ABC as a good alternative over TCAM & other
algorithms.
In future work we will consider the matching of multiple rules
which will work for large rule set with more effective memory
efficiency, search speed and avoiding the rule duplication.

172
IJRITCC | July 2016, Available @ http://www.ijritcc.org
_______________________________________________________________________________________
International Journal on Recent and Innovation Trends in Computing and Communication
Volume: 4 Issue: 7
____________________________________________________________________________________________________________________
ACKNOWLEDGMENT
I express many thanks to Prof. Ganesh Bandal for his great
effort of supervising and leading me, to accomplish thisfine
work. Also to college and department staff, they were agreat
source of support and encouragement. To my friends
andfamily, for their warm, kind encouragement and love. To
everyperson gave us something too light my pathway, I thanks
forBELIEVING IN ME.
REFERENCES
[1] Nara Lee, GeumdanJin, Jungwon Lee, Youngju Choi and
ChanghoonYim, Boundary Cutting for Packet [14] L. Choi, H. Kim, S. Ki, and M. H. Kim, Scalable packet
Classification, IEEE/ACM TRANSACTIONS ON
NETWORKING,vol. 22, no. 2,April.2014
[2] A. X. Liu, C.R.Meiners, andE.Torng, TCAMrazor: A
systematic approach towards minimizing packet classifiers
in TCAMs, IEEE/ACM Trans. Netw., vol. 18, no. 2, pp.
490500, Apr. 2010.
[3] C. R. Meiners, A. X. Liu, and E. Torng, Topological
transformation approaches to TCAM-based packet
classification, IEEE/ACM Trans. Netw., vol. 19, no. 1, pp.
237250, Feb. 2011.
[4] F. Yu and T. V. Lakshnam, Efficient multimatch packet
classification and lookup with TCAM, IEEE Micro, vol.
25, no. 1, pp. 5059, Jan. Feb. 2005.
[5] F. Yu, T. V. Lakshman, M. A. Motoyama, and R. H. Katz,
Efficient multimatch packet classification for network
security applications, IEEE J. Sel. Areas Commun., vol.
24, no. 10, pp. 18051816, Oct. 2006.
[6] H. Yu and R. Mahapatra, A memory-efficient hashing by
multi-predicate bloom filters for packet classification, in [20] Yaxuan Qi, Lianghong Xu and Baohua Yang and YiboXue
Proc. IEEE INFOCOM, 2008, pp. 24672475.
[7] H. Song and J. W. Lockwood, Efficient packet
classification for network intrusion detection using FPGA,
in Proc. ACM SIGDA FPGA,2005, pp. 238245.
[8] P. Gupta and N. Mckeown, Classification using
hierarchical intelligent cuttings, IEEE Micro, vol. 20, no.
1, pp. 3441, Jan.Feb. 2000.
[9] S. Singh, F. Baboescu, G. Varghese, and J. Wang, Packet
classification using multidimensional cutting, in Proc.
SIGCOMM, 2003, pp. 213224.
ISSN: 2321-8169
169 - 173
[10] P. Gupta and N. Mckeown, Algorithms for packet
classification, IEEE Netw., vol. 15, no. 2, pp. 2432,
Mar.Apr. 2001.
[11] B. Vamanan, G. Voskuilen, and T. N. Vijaykumar,
EffiCuts: Optimizing packet classification for memory and
throughput, in Proc.ACM SIGCOMM, 2010, pp. 207218.
[12] H. Song, M. Kodialam, F. Hao, and T. V. Lakshman,
Efficient trie braiding in scalable virtual routers,
IEEE/ACM Trans. Netw., vol. 20, no. 5, pp. 14891500,
Oct. 2012.
[13] J. Treurniet, A network activity classification schema and
its application to scan detection, IEEE/ACM Trans. Netw.,
vol. 19, no. 5, pp. 13961404, Oct. 2011.
classification through rule base partitioning using the
maximum entropy hashing, IEEE/ACM Trans. Netw., vol.
17, no. 6, pp. 19261935, Dec. 2009.
[15] P. Tsuchiya. A search algorithm for table entries with non-
contiguous wildcarding, unpublished report, Bellcore.
[16] Florin Baboescu and George, Scalable packet
classification, IEEE ACM transactions on networking, Vol
13, No 1, February 2005, pp 2-14
[17] Pankaj Gupta and Nick McKeown, Algorithms for packet
classification, pp 1- 29.
[18] Hyesook Lim, Nara Lee, GeumdanJin, Jungwon Lee,
Youngju Choi and ChanghoonYim, Boundry cutting for
packet classification, IEEE/ACM transactions on
networking, vol.. 22, no. 2, April 2014.
[19] BalajeeVamanan*, Gwendolyn Voskuilen* and T. N.
Vijaykumar, EffiCuts: Optimizing Packet Classification
for Memory and Throughput, SIGCOMM 2010, August
30-September 3, 2010.
and Jun Li, Packet Classification Algorithms: From
Theory to Practice, IEEE INFOCOM 2009.
[21] Ammar YahyaDaeef Al-Nejadiand Nasir Shaikh- Husin,
Survey on Multi Field Packet Classification Techniques,
Research Journal of Recent Sciences ISSN 2277-2502Vol.
4(2), 98-106, February (2015).
[22] http://www.arl.wustl.edu/~hs1/PClassEval.html.

173
IJRITCC | July 2016, Available @ http://www.ijritcc.org
_______________________________________________________________________________________