Efficient Hardware Hashing Functions for High Performance Computers
IEEE Transactions on Computers
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
A fast string searching algorithm
Communications of the ACM
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
A String Matching Algorithm Fast on the Average
Proceedings of the 6th Colloquium, on Automata, Languages and Programming
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Time and area efficient pattern matching on FPGAs
FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Scalable Pattern Matching for High Speed Networks
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Gigabit Rate Packet Pattern-Matching Using TCAM
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Fast hash table lookup using extended bloom filter: an aid to network processing
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Fast and scalable pattern matching for content filtering
Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Bit-split string-matching engines for intrusion detection and prevention
ACM Transactions on Architecture and Code Optimization (TACO)
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient memory utilization on network processors for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Advanced algorithms for fast and scalable deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
High Speed Pattern Matching for Network IDS/IPS
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
XFA: Faster Signature Matching with Extended Automata
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
A Memory-Efficient Parallel String Matching Architecture for High-Speed Intrusion Detection
IEEE Journal on Selected Areas in Communications
L-priorities bloom filter: A new member of the bloom filter family
International Journal of Automation and Computing
Hi-index | 0.24 |
Deep Packet Inspection (DPI) is essential for network security to scan both packet header and payload to search for predefined signatures. As link rates and traffic volumes of Internet are constantly growing, string matching using Deterministic Finite Automaton (DFA) will be the performance bottleneck of DPI. The recently proposed bit-split string matching algorithm suffers from the unnecessary state transitions problem. The root cause lies in the fact that the bit-split algorithm makes pattern matching in a ''not seeing the forest for trees'' approach, where each tiny DFA only processes a b-bit substring of each input character, but cannot check whether the entire character belongs to the alphabet of original DFA. This paper presents a byte- filtered string matching algorithm, where Bloom filters are used to preprocess each character of every incoming packet to check whether the character belongs to the original alphabet, before performing bit- split string matching. If not, each tiny DFA either makes a transition to its initial state or stops any state transition. Experimental results demonstrate that compared with the bit- split algorithm, our byte-filtered algorithm enormously reduces the string matching time as well as the number of state transitions of tiny DFAs on both synthetic and real signature rule sets.