RICS-DFA: Reduced Input Character Set DFA for Memory-Efficient Regular Expression Matching
作者: Qiu Tang , Lei Jiang , Qiong Dai , Majing Su , Hongtao Xie
DOI: 10.1007/978-3-662-48683-2_23
关键词: Algorithm 、 Network packet 、 Regular expression 、 Character encoding 、 Deterministic finite automaton 、 Payload (computing) 、 Deep packet inspection 、 Byte 、 Mathematics 、 Matching (graph theory)
摘要: Regular expression matching as a core component of deep packet inspection (DPI) is widely used in various kinds modern network intrusion detection system (NIDS), traffic classification and monitoring system, etc. In these systems, regular expressions are typically converted to deterministic finite automaton (DFA), the DFA scan check each byte incoming packet’s payload against rule sets judge whether current matched by any sets. If matched, it means contains specific attacks, viruses, so on. However, generally consumes large amount memory. Many recent improvement work mainly focus on how reduce memory requirement. Like previous work, this paper we propose compact, time-efficient novel structure significantly decrease DFA’s space, new called Reduced Input Character Set (RICS-DFA). A character escaping replacing scheme first introduced set size then space requirement with series optimization techniques based RICS-DFA. RICS-DFA constructed transition rewriting. Experimental results real-life rule-sets reveal that compared original DFA, reduces consumption 68 %–92 % while sacrificing trivial speed.
springer.com
sci-hub.st 参考文章(10)
Ji-Soo Oh, Min-Woo Park, Tai-Myoung Chung, Enhancing Security of the Android Platform via Multi-level Security Model International Conference on Applications and Techniques in Information Security. pp. 13- 24 ,(2014) , 10.1007/978-3-662-45670-5_2
Maleeha Najam, Usman Younis, Raihan ur Rasool, Speculative parallel pattern matching using stride-k DFA for deep packet inspection Journal of Network and Computer Applications. ,vol. 54, pp. 78- 87 ,(2015) , 10.1016/J.JNCA.2015.04.013
Domenico Ficara, Stefano Giordano, Gregorio Procissi, Fabio Vitucci, Gianni Antichi, Andrea Di Pietro, An improved DFA for fast regular expression matching ACM SIGCOMM Computer Communication Review. ,vol. 38, pp. 29- 40 ,(2008) , 10.1145/1452335.1452339
Fang Yu, Zhifeng Chen, Yanlei Diao, T. V. Lakshman, Randy H. Katz, Fast and memory-efficient regular expression matching for deep packet inspection Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems - ANCS '06. pp. 93- 102 ,(2006) , 10.1145/1185347.1185360
Jignesh Patel, Alex X. Liu, Eric Torng, Bypassing space explosion in high-speed regular expression matching IEEE ACM Transactions on Networking. ,vol. 22, pp. 1701- 1714 ,(2014) , 10.1109/TNET.2014.2309014
J.-I. Aoe, An efficient digital search algorithm by using a double-array structure IEEE Transactions on Software Engineering. ,vol. 15, pp. 1066- 1077 ,(1989) , 10.1109/32.31365
Sailesh Kumar, Sarang Dharmapurikar, Fang Yu, Patrick Crowley, Jonathan Turner, Algorithms to accelerate multiple regular expressions matching for deep packet inspection acm special interest group on data communication. ,vol. 36, pp. 339- 350 ,(2006) , 10.1145/1151659.1159952
Tingwen Liu, Yifu Yang, Yanbing Liu, Yong Sun, Li Guo, An efficient regular expressions compression algorithm from a new perspective 2011 Proceedings IEEE INFOCOM. pp. 2129- 2137 ,(2011) , 10.1109/INFCOM.2011.5935024
Michela Becchi, Patrick Crowley, A-DFA ACM Transactions on Architecture and Code Optimization. ,vol. 10, pp. 1- 26 ,(2013) , 10.1145/2445572.2445576
Mariantonietta La Polla, Fabio Martinelli, Daniele Sgandurra, A Survey on Security for Mobile Devices IEEE Communications Surveys and Tutorials. ,vol. 15, pp. 446- 471 ,(2013) , 10.1109/SURV.2012.013012.00028