2012 | OriginalPaper | Buchkapitel
EFA for Efficient Regular Expression Matching in NIDS (Poster Abstract)
verfasst von : Dengke Qiao, Tingwen Liu, Yong Sun, Li Guo
Erschienen in: Research in Attacks, Intrusions, and Defenses
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Regular Expression (RegEx) matching has been widely used in many network security systems. Despite much effort on this important problem, it remains a fundamentally difficult problem. DFA-based solutions are efficient in time but inefficient in memory, while NFA-based solutions are memory-efficient but time-inefficient. This poster provides a new solution named EFA (Excl-deterministic Finite Automata) to address the problem by excluding cancerogenic states from active state sets. The cancerogenic states are identified based on conflict relations. We make an evaluation of EFA with real RegExes and traffic traces. Experimental results show that EFA can dramatically reduce DFA state size at the cost of limited matching performance.