RICS-DFA: a space and time-efficient signature matching algorithm with Reduced Input Character Set
作者: Qiu Tang , Lei Jiang , Qiong Dai , Majing Su , Hongtao Xie
DOI: 10.1002/CPE.3940
关键词:
摘要: Summary Regular expression matching as a core component of deep packet inspection is widely used in various kinds modern network intrusion detection system, traffic classification monitoring and so on. In these systems, regular expressions are typically converted to deterministic finite automaton (DFA), which takes O(1) scan each input character. However, DFA generally consumes large amount memory. This paper proposes novel, space-efficient time-efficient presentation, called reduced character set (RICS-DFA). A escaping replacing scheme first introduced decrease the size DFA's then reduce space requirement with series optimization techniques. Based on transition rewriting, RICS-DFA constructing algorithm time complexity O(n) presented this paper. For real rule-sets, reduces memory consumption by 68–92%, compared original DFA. Finally, designs scalable engine field-programmable gate array platform state matrix mapped on-chip memories. The throughput executing for rule-sets can achieve 7–50.5 Gbps. Copyright © 2016 John Wiley & Sons, Ltd.
sci-hub.se 参考文章(19)
Ji-Soo Oh, Min-Woo Park, Tai-Myoung Chung, Enhancing Security of the Android Platform via Multi-level Security Model International Conference on Applications and Techniques in Information Security. pp. 13- 24 ,(2014) , 10.1007/978-3-662-45670-5_2
Maleeha Najam, Usman Younis, Raihan ur Rasool, Speculative parallel pattern matching using stride-k DFA for deep packet inspection Journal of Network and Computer Applications. ,vol. 54, pp. 78- 87 ,(2015) , 10.1016/J.JNCA.2015.04.013
Jinmin Yang, Jie Yang, Kun Huang, Huigui Rong, Kin Fun Li, A compression approach to reducing power consumption of TCAMs in regular expression matching Computer Communications. ,vol. 70, pp. 86- 94 ,(2015) , 10.1016/J.COMCOM.2015.08.003
Michela Becchi, Anat Bremler-Barr, David Hay, Omer Kochba, Yaron Koral, Accelerating regular expression matching over compressed HTTP 2015 IEEE Conference on Computer Communications (INFOCOM). pp. 540- 548 ,(2015) , 10.1109/INFOCOM.2015.7218421
Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan, Binxing Fang, A fast regular expression matching engine for NIDS applying prediction scheme international symposium on computers and communications. pp. 1- 7 ,(2014) , 10.1109/ISCC.2014.6912600
Yunji Chen, Tianshi Chen, Ling Li, Ruiyang Wu, Daofu Liu, Weiwu Hu, Deterministic Replay Using Global Clock ACM Transactions on Architecture and Code Optimization. ,vol. 10, pp. 1- 28 ,(2013) , 10.1145/2445572.2445573
Mohsen Amini Salehi, Thomas Caldwell, Alejandro Fernandez, Emmanuel Mickiewicz, Eric W.D. Rozier, Saman Zonouz, David Redberg, RESeED: Regular Expression Search over Encrypted Data in the Cloud international conference on cloud computing. pp. 673- 680 ,(2014) , 10.1109/CLOUD.2014.95
Domenico Ficara, Stefano Giordano, Gregorio Procissi, Fabio Vitucci, Gianni Antichi, Andrea Di Pietro, An improved DFA for fast regular expression matching ACM SIGCOMM Computer Communication Review. ,vol. 38, pp. 29- 40 ,(2008) , 10.1145/1452335.1452339
Fang Yu, Zhifeng Chen, Yanlei Diao, T. V. Lakshman, Randy H. Katz, Fast and memory-efficient regular expression matching for deep packet inspection Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems - ANCS '06. pp. 93- 102 ,(2006) , 10.1145/1185347.1185360
Yang Xu, Junchen Jiang, Rihua Wei, Yang Song, H. Jonathan Chao, TFA: A Tunable Finite Automaton for Pattern Matching in Network Intrusion Detection Systems IEEE Journal on Selected Areas in Communications. ,vol. 32, pp. 1810- 1821 ,(2014) , 10.1109/JSAC.2014.2358856