Deep packet inspection is playing an increasingly important role in the design of novel network services. Regular expressions are the language of choice for writing signatures, but standard DFA or NFA representations are unsuitable for high-speed environments, requiring too much memory, too much time, or too much per-flow state. DFAs are fast and can be readily combined, but doing so often leads to state-space explosion. NFAs, while small, require large per-flow state and are slow. We propose a solution that simultaneously addresses all these problems. We start with a first-principles characterization of state-space explosion and give conditions that eliminate it when satisfied. We show how auxiliary variables can be used to transform automata so that they satisfy these conditions, which we codify in a formal model that augments DFAs with auxiliary variables and simple instructions for manipulating them. Building on this model, we present techniques, inspired by principles used in compiler optimization, that systematically reduce runtime and per-flow state. In our experiments, signature sets from Snort and Cisco Systems achieve state-space reductions of over four orders of magnitude, per-flow state reductions of up to a factor of six, and runtimes that approach DFAs.
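The state-space explosion and the auxiliary-variable idea described above, as a simplified added illustration that is not the paper's construction or code. It assumes signatures of the form `.*x.*y` over distinct bytes; every function and constant name is hypothetical.

```python
# Added illustration; signatures of the form .*x.*y and all names are assumptions.
from collections import defaultdict

def step(q, ch, x, y):
    """DFA for one unanchored signature .*x.*y: 0 = waiting for x, 1 = x seen, 2 = matched."""
    if q == 0 and ch == x:
        return 1
    if q == 1 and ch == y:
        return 2
    return q

def combined_dfa_states(sigs):
    """Count reachable states of the product DFA that matches every signature at once."""
    alphabet = {c for sig in sigs for c in sig} | {"_"}   # "_" stands for any other byte
    start = (0,) * len(sigs)
    seen, todo = {start}, [start]
    while todo:
        cur = todo.pop()
        for ch in alphabet:
            nxt = tuple(step(q, ch, x, y) for q, (x, y) in zip(cur, sigs))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return len(seen)

def match_dfa(sigs, data):
    """Run the product DFA (state kept as a tuple) and return indices of matched signatures."""
    state = (0,) * len(sigs)
    for ch in data:
        state = tuple(step(q, ch, x, y) for q, (x, y) in zip(state, sigs))
    return {i for i, q in enumerate(state) if q == 2}

def match_with_bits(sigs, data):
    """Single control state plus one auxiliary bit per signature, updated by per-byte instructions."""
    set_on, test_on = defaultdict(list), defaultdict(list)
    for i, (x, y) in enumerate(sigs):
        set_on[x].append(i)       # instruction: bit[i] = 1
        test_on[y].append(i)      # instruction: if bit[i]: report signature i
    bits, matched = 0, set()
    for ch in data:
        for i in test_on.get(ch, ()):   # test before set, mirroring step() when x == y
            if bits >> i & 1:
                matched.add(i)
        for i in set_on.get(ch, ()):
            bits |= 1 << i
    return matched

SIGS = [("a", "b"), ("c", "d"), ("e", "f"), ("g", "h")]   # constructed sample signatures
SAMPLE = "a_c_d_b_f_e"                                     # constructed sample payload
```

With n such signatures the combined DFA has 3^n reachable states, while the bit-augmented matcher keeps one control state and n bits of per-flow state and reports the same matches.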