Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Introduction To Automata Theory, Languages, And Computation
Introduction To Automata Theory, Languages, And Computation
Efficient Filtering of XML Documents for Selective Dissemination of Information
VLDB '00 Proceedings of the 26th International Conference on Very Large Data Bases
Assisting Network Intrusion Detection with Reconfigurable Hardware
FCCM '02 Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
SPIRE '00 Proceedings of the Seventh International Symposium on String Processing Information Retrieval (SPIRE'00)
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Fast Regular Expression Matching Using FPGAs
FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A High Throughput String Matching Architecture for Intrusion Detection and Prevention
Proceedings of the 32nd annual international symposium on Computer Architecture
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching
Proceedings of the 33rd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Advanced algorithms for fast and scalable deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Mastering Regular Expressions
Compiling PCRE to FPGA for accelerating SNORT IDS
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
An improved algorithm to accelerate regular expression evaluation
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
A hybrid finite automaton for practical deep packet inspection
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Robust and fast pattern matching for intrusion detection
INFOCOM'10 Proceedings of the 29th conference on Information communications
Range hash for regular expression pre-filtering
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
LaFA: lookahead finite automata for scalable regular expression detection
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
A NFA-based programmable regular expression match engine
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
LaFA: lookahead finite automata for scalable regular expression detection
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Optimizing Deep Packet Inspection for High-Speed Traffic Analysis
Journal of Network and Systems Management
Chain-Based DFA Deflation for Fast and Scalable Regular Expression Matching Using TCAM
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
GPU-based NFA implementation for memory efficient high speed regular expression matching
Proceedings of the 17th ACM SIGPLAN symposium on Principles and Practice of Parallel Programming
Scalable lookahead regular expression detection system for deep packet inspection
IEEE/ACM Transactions on Networking (TON)
GPP-Grep: high-speed regular expression processing engine on general purpose processors
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
A-DFA: A Time- and Space-Efficient DFA Compression Algorithm for Fast Regular Expression Evaluation
ACM Transactions on Architecture and Code Optimization (TACO)
Proceedings of the ACM International Conference on Computing Frontiers
Scalable TCAM-based regular expression matching with compressed finite automata
ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
Pattern overlap in bit-parallel implementation of regular expression repetition quantifiers
International Journal of Security and Networks
Fast Regular Expression Matching Using Small TCAM
IEEE/ACM Transactions on Networking (TON)
| Hi-index | 0.00 |
Regular expression matching is a crucial task in several networking applications. Current implementations are based on one of two types of finite state machines. Non-deterministic finite automata (NFAs) have minimal storage demand but have high memory bandwidth requirements. Deterministic finite automata (DFAs) exhibit low and deterministic memory bandwidth requirements at the cost of increased memory space. It has already been shown how the presence of wildcards and repetitions of large character classes can render DFAs and NFAs impractical. Additionally, recent security-oriented rule-sets include patterns with advanced features, namely back-references, which add to the expressive power of traditional regular expressions and cannot therefore be supported through classical finite automata. In this work, we propose and evaluate an extended finite automaton designed to address these shortcomings. First, the automaton provides an alternative approach to handle character repetitions that limits memory space and bandwidth requirements. Second, it supports back-references without the need for back-tracking in the input string. In our discussion of this proposal, we address practical implementation issues and evaluate the automaton on real-world rule-sets. To our knowledge, this is the first high-speed automaton that can accommodate all the Perl-compatible regular expressions present in the Snort network intrusion and detection system.