Top

Published in:

2010 | OriginalPaper | Chapter

10. Fast Packet Pattern-Matching Algorithms

Authors : Fang Yu, Yanlei Diao, Randy H. Katz, T. V. Lakshman

Published in: Algorithms for Next Generation Networks

Publisher: Springer London

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Packet content scanning at high speed has become extremely important due to its applications in network security, network monitoring, HTTP load balancing, etc. In content scanning, the packet payload is compared to a set of patterns specified as regular expressions. In this chapter, we first describe the typical patterns used in packet-scanning applications and show that for some of these patterns the memory requirements can be prohibitively high when traditional matching methods are used. We then review techniques for efficient regular expression matching and explore regular expression rewrite techniques that can significantly reduce memory usage. Based on new rewrite insights, we propose guidelines for pattern writers to make matching fast and practical. Furthermore, we discuss deterministic finite automaton (DFA) link compression techniques and review algorithms and data structures that are specifically designed for matching regular expressions in networking applications.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Hash-Based Techniques for High-Speed Packet Processing

next chapter Anomaly Detection Approaches for Communication Networks

This study is based on the use of exhaustive matching and one-pass search defined in [16].

The techniques presented in this chapter assume packets are reassembled into a stream before checking for patterns. For pattern matching on out of order packets, please refer to [9].

Bro intrusion detection system. http://bro-ids.org/Overview.html.

Gnu grep tool. http://www.gnu.org/software/grep/.

Snort network intrusion detection system. http://www.snort.org.

A. V. Aho, R. Sethi, and J. D. Ullman. Compilers: principles, techniques, and tools. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1986.

Y. Diao, M. Altinel, M. J. Franklin, H. Zhang, and P. Fischer. Path sharing and predicate evaluation for high-performance xml filtering. ACM Trans. Database Syst., 28(4):467–516, 2003.CrossRef

T. J. Green, A. Gupta, G. Miklau, M. Onizuka, and D. Suciu. Processing xml streams with deterministic automata and stream indexes. ACM Trans. Database Syst., 29(4):752–788, 2004.CrossRef

J. E. Hopcroft, R. Motwani, and J. D. Ullman. Introduction to Automata Theory, Languages, and Computation (3rd Edition). Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2006.

T. Johnson, S. Muthukrishnan, and I. Rozenbaum. Monitoring regular expressions on out-of-order streams. In ICDE, 2007.

10.

S. Kumar, B. Chandrasekaran, J. Turner, and G. Varghese. Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In ANCS ’07: Proceedings of the 2007 ACM/IEEE Symposium on Architecture for networking and communications systems, pages 155–164, 2007.

11.

S. Kumar, S. Dharmapurikar, F. Yu, P. Crowley, and J. Turner. Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In SIGCOMM ’06: Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, pages 339–350, 2006.

12.

J. Levandoski, E. Sommer, and M. Strait. Application layer packet classifier for linux. http://l7-filter.sourceforge.net/.

13.

V. Paxson. Flex: A fast scanner generator. http://dinosaur.compilertools.net/flex/index.html.

14.

R. Sommer and V. Paxson. Enhancing byte-level network intrusion detection signatures with context. In CCS ’03: Proceedings of the 10th ACM conference on Computer and communications security, pages 262–271, 2003.

15.

Venkat. Yahoo messenger protocol. http://www.venkydude.com/articles/yahoo.htm/.

16.

F. Yu, Z. Chen, Y. Diao, T. V. Lakshman, and R. H. Katz. Fast and memory-efficient regular expression matching for deep packet inspection. In ANCS ’06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems, pages 93–102, 2006.

Title: Fast Packet Pattern-Matching Algorithms
Authors: Fang Yu
Yanlei Diao
Randy H. Katz
T. V. Lakshman
Publisher: Springer London
Book: Algorithms for Next Generation Networks
Print ISBN: 978-1-84882-764-6

Electronic ISBN: 978-1-84882-765-3

Copyright Year: 2010
DOI: https://doi.org/10.1007/978-1-84882-765-3_10

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner