Abstract | ||
---|---|---|
Deep packet inspection (DPI), based on regular expressions, is expressive, compact, and efficient in specifying attack signatures. We focus on their implementations based on general-purpose processors that are cost-effective and flexible to update. In this paper, we propose a novel solution, called deterministic finite automata with extended character-set (DFA/EC), which can significantly decrease the number of states through doubling the size of the character-set. Unlike existing state reduction algorithms, our solution requires only a single main memory access for each byte in the traffic payload, which is the minimum. We perform experiments with several Snort rule-sets. Results show that, compared to DFAs, DFA/ECs are very compact and are over four orders of magnitude smaller in the best cases; DFA/ECs also have smaller memory bandwidth and run faster. We believe that DFA/EC will lay a groundwork for a new type of state compression technique in fast packet inspection. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1109/TC.2013.93 | IEEE Trans. Computers |
Keywords | DocType | Volume |
deep packet inspection (dpi),finite automata,regular expression,deep packet inspection,traffic payload,dpi,fast packet inspection,deterministic finite automata (dfa),inspection,regular expressions,novel solution,dfa/ec,data compression,general-purpose processors,extended character-set,deterministic finite automata with extended character-set,single memory access,attack signature,smaller memory bandwidth,deterministic automata,digital signatures,extended character-set (ec),state compression technique,state reduction algorithm,attack signatures,snort rule-sets,fast deep packet inspection,character sets,indexing terms,memory bandwidth,cost effectiveness,deterministic finite automata | Conference | 63 |
Issue | ISSN | Citations |
8 | 0018-9340 | 1 |
PageRank | References | Authors |
0.34 | 20 | 4 |