SPC-FA: synergic parallel compact finite automaton to accelerate multi-string matching with low memory

Symposium on Architectures for Networking and Communications Systems Pub Date : 2009-10-19 DOI:10.1145/1882486.1882523

Junchen Jiang, Yi Tang, B. Liu, Xiaofei Wang, Yang Xu

{"title":"SPC-FA: synergic parallel compact finite automaton to accelerate multi-string matching with low memory","authors":"Junchen Jiang, Yi Tang, B. Liu, Xiaofei Wang, Yang Xu","doi":"10.1145/1882486.1882523","DOIUrl":null,"url":null,"abstract":"Deterministic Finite Automaton (DFA) is well-known for its constant matching speed in worst case, and widely used in multi-string matching, which is a critical technique in high performance Network Intrusion Detection System (NIDS) design. Existing DFA-based researches achieve high throughput at the expense of extremely high memory cost, so they fail to be used in situations like embedded systems where very tight memory resource is available. In this paper, we propose a memory-efficient multi-string matching acceleration scheme named Synergic Parallel Compact (SPC) Match Engine, which can provide a high matching speedup with no extra memory cost than the traditional DFA. Our scheme can be understood as consisting of k SPC-FAs, each of which can process one character from the input stream, causing achieving a constant speedup factor k with reduced memory occupation. Experimental evaluations with Snort and ClamAV rulesets show that a speedup of 9X can be practically achieved by a single SPC Match Engine instance with a reduced memory size than the up-to-date DFA-based compression approaches.","PeriodicalId":329300,"journal":{"name":"Symposium on Architectures for Networking and Communications Systems","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium on Architectures for Networking and Communications Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1882486.1882523","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Deterministic Finite Automaton (DFA) is well-known for its constant matching speed in worst case, and widely used in multi-string matching, which is a critical technique in high performance Network Intrusion Detection System (NIDS) design. Existing DFA-based researches achieve high throughput at the expense of extremely high memory cost, so they fail to be used in situations like embedded systems where very tight memory resource is available. In this paper, we propose a memory-efficient multi-string matching acceleration scheme named Synergic Parallel Compact (SPC) Match Engine, which can provide a high matching speedup with no extra memory cost than the traditional DFA. Our scheme can be understood as consisting of k SPC-FAs, each of which can process one character from the input stream, causing achieving a constant speedup factor k with reduced memory occupation. Experimental evaluations with Snort and ClamAV rulesets show that a speedup of 9X can be practically achieved by a single SPC Match Engine instance with a reduced memory size than the up-to-date DFA-based compression approaches.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

SPC-FA:协同并行紧凑有限自动机，以加速多字符串匹配与低内存

确定性有限自动机(DFA)以其在最坏情况下具有恒定的匹配速度而闻名，广泛应用于多字符串匹配，是高性能网络入侵检测系统(NIDS)设计中的一项关键技术。现有的基于dfa的研究以极高的内存成本为代价实现了高吞吐量，因此无法用于嵌入式系统等内存资源非常紧张的情况。在本文中，我们提出了一种内存高效的多字符串匹配加速方案——协同并行紧凑匹配引擎(SPC)，它可以在不增加内存开销的情况下提供较高的匹配加速。我们的方案可以理解为由k个spc - fa组成，每个spc - fa可以处理输入流中的一个字符，从而在减少内存占用的情况下实现恒定的加速因子k。使用Snort和ClamAV规则集进行的实验评估表明，与最新的基于dfa的压缩方法相比，单个SPC Match Engine实例的内存大小更小，实际上可以实现9倍的加速。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Symposium on Architectures for Networking and Communications Systems

自引率

0.00%

发文量