Top

Journal of Network and Systems Management

Published in:

01-06-2012

Managing DFA History with Queue for Deflation DFA

Authors: Yi Tang, Junchen Jiang, Chengchen Hu, Bin Liu

Published in: Journal of Network and Systems Management | Issue 2/2012

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

There is an increasing demand for network devices to perform deep packet inspection (DPI) in order to enhance network security. In DPI, the packet payload is compared against a set of predefined patterns that can be specified using regular expressions (regexes). It is well-known that mapping regexes to deterministic finite automaton (DFA) may suffer from the state explosion problem. Through observation, we attribute DFA explosion to the necessity of remembering matching history. In this paper, we investigate how to manage matching history efficiently and propose an extended DFA approach for regex matching called fcq-FA, which can make a memory size reduction of about 1,000 times with a fully automated approach. In fcq-FA, we use pipeline queues and counters to help record the matching history. Hence, state explosion caused by Kleene closure and length restriction can be completely avoided. Furthermore, it achieves a fully automated signature compilation with polynomial running time and space. The equivalence between fcq-FA and the traditional DFA is guaranteed by a strict theoretical proof, which means fcq-FA can process all the regexes supported by the traditional DFA.

next article Supporting NGNs Core Software Services: A Hybrid Architecture and its Performance Analysis

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Sommer, R., Paxson, V.: Enhancing byte-level network intrusion detection signatures with context. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2003)

Roesch, M.: Snort: The lightweight network intrusion detection system. http://www.snort.org/ (2001)

Smith, R., Estan, C., Jha, S.: XFAs: Faster signature matching with extended automata. In: IEEE Symposium on Security and Privacy (Oakland) (2008)

Smith, R., Estan, C., Jha, S., Kong, S.: Deflating the big bang: fast and scalable deep packet inspection with extended finite automata. In: Proceedings of ACM SIGCOMM (2008)

Yu, F., Chen, Z., Diao, Y., Lakshman, T.V., Katz, R.H.: Fast and memory-efficient regular expression matching for deep packet inspection. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2006)

Kumar, S., Chandrasekaran, B., Turner, J., Varghese, G.: Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2007)

Kumar, S., Turner, J., Williams, J.: Advanced algorithms for fast and scalable deep packet inspection. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2006)

Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In: Proceedings of ACM SIGCOMM (2007)

Becchi, M., Crowley, P.: An improved algorithm to accelerate regular expression evaluation. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2007)

10.

Paxson, V.: Bro: A system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435 (1999) http://www.snort.org/

11.

Pcre: Perl compatible regular expressions. http://www.pcre.org/

12.

L7-filter: Application layer packet classifier for linux. http://l7-filter.sourceforge.net/ (2007)

13.

Regular expression. http://en.wikipedia.org/wiki/Regular_expression

14.

Sidhu, R., Prasanna, V.: Fast regular expression matching using FPGAs. In: Proceedings of IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM) (2001)

15.

Sourdis, I., Pnevmatikatos, D.: Pre-decoded CAMs for efficient and high-speed NIDS pattern matching. In: Proceedings of IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM) (2004)

16.

Brodie, B.C., Taylor, D.E., Cytron, R.K.: A scalable architecture for high-throughput regular-expression pattern matching. In: Proceedings of ACM/IEEE International Symposium on Computer Architecture (ISCA) (2006)

17.

Becchi, M., Crowley, P.: A hybrid finite automaton for practical deep packet inspection. In: Proceedings of ACM International Conference on emerging Networking EXperiments and Technologies(CoNEXT) (2007)

18.

Song, T., Zhang, W., Wang, D., Xue, Y.: A memory efficient multiple pattern matching architecture for network security. In: Proceedings of IEEE Conference on Computer Communications(INFOCOM) (2008)

19.

Bando, M., Artan, N., Chao, H.: LaFA: Lookahead finite automata for scalable regular expression detection. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2009)

20.

Ficara, D., Giordano, S., Procissi, G.: An improved DFA for fast regular expression matching. ACM SIGCOMM Computer Communication Review (CCR) 38(5) (2008)

21.

Tang, Y., Xue, T., Jiang, J., Liu, B.: Deflation DFA: remembering history is adequate. In: Proceedings of IEEE International Conference on Communications (ICC) (2010)

22.

Smith, R., Estan, C., Jha, S., Siahaan, I.: Fast signature matching using extended finite automaton (XFA). In: Proceedings of International Conference on Information System Security (ICISS) (2008)

Title: Managing DFA History with Queue for Deflation DFA
Authors: Yi Tang
Junchen Jiang
Chengchen Hu
Bin Liu
Publication date: 01-06-2012
Publisher: Springer US
Published in: Journal of Network and Systems Management / Issue 2/2012
Print ISSN: 1064-7570
Electronic ISSN: 1573-7705
DOI: https://doi.org/10.1007/s10922-010-9179-4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 2/2012

Lightweight and Informative Traffic Metrics for Data Center Monitoring

Self-Management Framework for Mobile Autonomous Systems

Supporting NGNs Core Software Services: A Hybrid Architecture and its Performance Analysis

Measurement Based Analysis of One-Click File Hosting Services

Contextual Trust Aided Enhancement of Data Availability in Peer-to-Peer Backup Storage Systems

Effective and Energy Efficient Management of Network and Services: A Report on IM 2011

Premium Partner