Bypassing space explosion in high-speed regular expression matching
作者: Jignesh Patel , Alex X. Liu , Eric Torng
DOI: 10.1109/TNET.2014.2309014
关键词:
摘要: Network intrusion detection and prevention systems commonly use regular expression (RE) signatures to represent individual security threats. While the corresponding deterministic finite state automata (DFA) for any one RE is typically small, DFA that corresponds entire set of REs usually too large be constructed or deployed. To address this issue, a variety alternative implementations compress size final automaton have been proposed such as extended (XFA) delayed input (D2 FA). The resulting are much smaller than DFA. However, previously construction algorithms do suffer from some drawbacks. First, most employ "Union then Minimize" framework where each first joined before minimization occurs. This leads an expensive nondeterministic (NFA) subset on relatively NFA. Second, construct intermediate step. In cases, so cannot even though small enough paper, we propose "Minimize Union" constructing compact focusing D2 FA. We show can almost optimal FA with parsers. key our approach space-and time-efficient routine merging two into experiments, algorithm runs average 155 times faster uses 1500 less memory previous algorithms. For example, able over 80 000 states using only 1 GB main in 77 min.
acm.org
sci-hub.se 参考文章(36)
Vern Paxson, Bro: a system for detecting network intruders in real-time Computer Networks. ,vol. 31, pp. 2435- 2463 ,(1999) , 10.1016/S1389-1286(99)00112-7
Fang Yu, R.H. Katz, T.V. Lakshman, Gigabit rate packet pattern-matching using TCAM international conference on network protocols. pp. 174- 183 ,(2004) , 10.1109/ICNP.2004.1348108
Christopher R. Clark, David E. Schimmel, Efficient reconfigurable logic circuits for matching complex network intrusion detection patterns field-programmable logic and applications. pp. 956- 959 ,(2003) , 10.1007/978-3-540-45234-8_94
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks usenix large installation systems administration conference. pp. 229- 238 ,(1999)
R. Sidhu, V.K. Prasanna, Fast Regular Expression Matching Using FPGAs field-programmable custom computing machines. pp. 227- 238 ,(2001) , 10.1109/FCCM.2001.22
Eric Norige, Eric Torng, Alex X. Liu, Jignesh Patel, Chad R. Meiners, Fast regular expression matching using small TCAMs for network intrusion detection and prevention systems usenix security symposium. pp. 8- 8 ,(2010)
I. Sourdis, D. Pnevmatikatos, Pre-decoded CAMs for efficient and high-speed NIDS pattern matching field-programmable custom computing machines. pp. 258- 267 ,(2004) , 10.1109/FCCM.2004.46
Ioannis Sourdis, Dionisios Pnevmatikatos, Fast, Large-Scale String Match for a 10Gbps FPGA-Based Network Intrusion Detection System field-programmable logic and applications. pp. 880- 889 ,(2003) , 10.1007/978-3-540-45234-8_85
C.R. Clark, D.E. Schimmel, Scalable pattern matching for high speed networks field-programmable custom computing machines. pp. 249- 257 ,(2004) , 10.1109/FCCM.2004.50
Rajeev Motwani, John E. Hopcroft, Jeffrey D. Ullman, Rotwani, Introduction to Automata Theory, Languages, and Computation ,(1979)