nach oben

Journal of Network and Systems Management

Erschienen in:

01.06.2012

Managing DFA History with Queue for Deflation DFA

verfasst von: Yi Tang, Junchen Jiang, Chengchen Hu, Bin Liu

Erschienen in: Journal of Network and Systems Management | Ausgabe 2/2012

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

There is an increasing demand for network devices to perform deep packet inspection (DPI) in order to enhance network security. In DPI, the packet payload is compared against a set of predefined patterns that can be specified using regular expressions (regexes). It is well-known that mapping regexes to deterministic finite automaton (DFA) may suffer from the state explosion problem. Through observation, we attribute DFA explosion to the necessity of remembering matching history. In this paper, we investigate how to manage matching history efficiently and propose an extended DFA approach for regex matching called fcq-FA, which can make a memory size reduction of about 1,000 times with a fully automated approach. In fcq-FA, we use pipeline queues and counters to help record the matching history. Hence, state explosion caused by Kleene closure and length restriction can be completely avoided. Furthermore, it achieves a fully automated signature compilation with polynomial running time and space. The equivalence between fcq-FA and the traditional DFA is guaranteed by a strict theoretical proof, which means fcq-FA can process all the regexes supported by the traditional DFA.

Nächster Artikel Supporting NGNs Core Software Services: A Hybrid Architecture and its Performance Analysis

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Sommer, R., Paxson, V.: Enhancing byte-level network intrusion detection signatures with context. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2003)

Roesch, M.: Snort: The lightweight network intrusion detection system. http://www.snort.org/ (2001)

Smith, R., Estan, C., Jha, S.: XFAs: Faster signature matching with extended automata. In: IEEE Symposium on Security and Privacy (Oakland) (2008)

Smith, R., Estan, C., Jha, S., Kong, S.: Deflating the big bang: fast and scalable deep packet inspection with extended finite automata. In: Proceedings of ACM SIGCOMM (2008)

Yu, F., Chen, Z., Diao, Y., Lakshman, T.V., Katz, R.H.: Fast and memory-efficient regular expression matching for deep packet inspection. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2006)

Kumar, S., Chandrasekaran, B., Turner, J., Varghese, G.: Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2007)

Kumar, S., Turner, J., Williams, J.: Advanced algorithms for fast and scalable deep packet inspection. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2006)

Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In: Proceedings of ACM SIGCOMM (2007)

Becchi, M., Crowley, P.: An improved algorithm to accelerate regular expression evaluation. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2007)

10.

Paxson, V.: Bro: A system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435 (1999) http://www.snort.org/

11.

Pcre: Perl compatible regular expressions. http://www.pcre.org/

12.

L7-filter: Application layer packet classifier for linux. http://l7-filter.sourceforge.net/ (2007)

13.

Regular expression. http://en.wikipedia.org/wiki/Regular_expression

14.

Sidhu, R., Prasanna, V.: Fast regular expression matching using FPGAs. In: Proceedings of IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM) (2001)

15.

Sourdis, I., Pnevmatikatos, D.: Pre-decoded CAMs for efficient and high-speed NIDS pattern matching. In: Proceedings of IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM) (2004)

16.

Brodie, B.C., Taylor, D.E., Cytron, R.K.: A scalable architecture for high-throughput regular-expression pattern matching. In: Proceedings of ACM/IEEE International Symposium on Computer Architecture (ISCA) (2006)

17.

Becchi, M., Crowley, P.: A hybrid finite automaton for practical deep packet inspection. In: Proceedings of ACM International Conference on emerging Networking EXperiments and Technologies(CoNEXT) (2007)

18.

Song, T., Zhang, W., Wang, D., Xue, Y.: A memory efficient multiple pattern matching architecture for network security. In: Proceedings of IEEE Conference on Computer Communications(INFOCOM) (2008)

19.

Bando, M., Artan, N., Chao, H.: LaFA: Lookahead finite automata for scalable regular expression detection. In: Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communcations Systems (ANCS) (2009)

20.

Ficara, D., Giordano, S., Procissi, G.: An improved DFA for fast regular expression matching. ACM SIGCOMM Computer Communication Review (CCR) 38(5) (2008)

21.

Tang, Y., Xue, T., Jiang, J., Liu, B.: Deflation DFA: remembering history is adequate. In: Proceedings of IEEE International Conference on Communications (ICC) (2010)

22.

Smith, R., Estan, C., Jha, S., Siahaan, I.: Fast signature matching using extended finite automaton (XFA). In: Proceedings of International Conference on Information System Security (ICISS) (2008)

Titel: Managing DFA History with Queue for Deflation DFA
verfasst von: Yi Tang
Junchen Jiang
Chengchen Hu
Bin Liu
Publikationsdatum: 01.06.2012
Verlag: Springer US
Erschienen in: Journal of Network and Systems Management / Ausgabe 2/2012
Print ISSN: 1064-7570
Elektronische ISSN: 1573-7705
DOI: https://doi.org/10.1007/s10922-010-9179-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2012

Effective and Energy Efficient Management of Network and Services: A Report on IM 2011

Measurement Based Analysis of One-Click File Hosting Services

Supporting NGNs Core Software Services: A Hybrid Architecture and its Performance Analysis

Lightweight and Informative Traffic Metrics for Data Center Monitoring

Contextual Trust Aided Enhancement of Data Availability in Peer-to-Peer Backup Storage Systems

Self-Management Framework for Mobile Autonomous Systems

Premium Partner