Pattern-Based DFA for Memory-Efficient and Scalable Multiple Regular Expression Matching

2010 IEEE International Conference on Communications Pub Date : 2010-05-23 DOI:10.1109/ICC.2010.5501973

Junchen Jiang, Yang Xu, Tian Pan, Yi Tang, B. Liu

{"title":"Pattern-Based DFA for Memory-Efficient and Scalable Multiple Regular Expression Matching","authors":"Junchen Jiang, Yang Xu, Tian Pan, Yi Tang, B. Liu","doi":"10.1109/ICC.2010.5501973","DOIUrl":null,"url":null,"abstract":"In Network Intrusion Detection System, De-terministic Finite Automaton (DFA) is widely used to compare packet content at a constant speed against a set of patterns specified in regular expressions (regex patterns). However, combining many regex patterns into a single DFA causes a serious state explosion. Partitioning the pat-tern set into several subsets, each of which produces a small DFA, is a practical way to deflate the state explosion. In this paper, we propose a regex pattern grouping scheme based on a new DFA model called Pattern-Based DFA (P-DFA) which supports efficient pattern-based op-erations, such as insertion, deletion, and etc. By using these basic operations, one can easily measure the state explo-sion when combining a set of regex patterns into a single DFA. Based on the privilege, we develop regex grouping algorithms for mitigating the state explosion in parallel and sequential matching environments, respectively. The evaluation shows that under the same constraints, our ap-proach requires only half the number of groups compared with the most well-known algorithms.","PeriodicalId":6405,"journal":{"name":"2010 IEEE International Conference on Communications","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Conference on Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICC.2010.5501973","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

In Network Intrusion Detection System, De-terministic Finite Automaton (DFA) is widely used to compare packet content at a constant speed against a set of patterns specified in regular expressions (regex patterns). However, combining many regex patterns into a single DFA causes a serious state explosion. Partitioning the pat-tern set into several subsets, each of which produces a small DFA, is a practical way to deflate the state explosion. In this paper, we propose a regex pattern grouping scheme based on a new DFA model called Pattern-Based DFA (P-DFA) which supports efficient pattern-based op-erations, such as insertion, deletion, and etc. By using these basic operations, one can easily measure the state explo-sion when combining a set of regex patterns into a single DFA. Based on the privilege, we develop regex grouping algorithms for mitigating the state explosion in parallel and sequential matching environments, respectively. The evaluation shows that under the same constraints, our ap-proach requires only half the number of groups compared with the most well-known algorithms.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于模式的DFA用于内存高效和可扩展的多正则表达式匹配

在网络入侵检测系统中，确定有限自动机(DFA)被广泛用于将数据包内容与正则表达式(regex模式)中指定的一组模式以恒定速度进行比较。但是，将许多正则表达式模式组合到单个DFA中会导致严重的状态爆炸。将模式集划分为几个子集，每个子集产生一个小的DFA，是减少状态爆炸的一种实用方法。本文基于一种新的DFA模型，即基于模式的DFA (P-DFA)提出了一种正则表达式模式分组方案，该方案支持高效的基于模式的操作操作，如插入、删除等。通过使用这些基本操作，可以很容易地测量将一组正则表达式模式组合成单个DFA时的状态爆炸。在此基础上，我们分别开发了正则表达式分组算法来缓解并行和顺序匹配环境下的状态爆炸。评估表明，在相同的约束条件下，与大多数知名算法相比，我们的方法只需要一半的组数。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2010 IEEE International Conference on Communications

自引率

0.00%

发文量