Accelerating the bit-split string matching algorithm using Bloom filters

Authors:
Kun Huang;Dafang Zhang;Zheng Qin
Affiliations:
Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, PR China;School of Computer and Communication, Hunan University, Changsha, Hunan Province 410082, PR China and School of Software, Hunan University, Changsha, Hunan Province 410082, PR China;School of Software, Hunan University, Changsha, Hunan Province 410082, PR China
Venue:
Computer Communications
Year:
2010

Citing 27
Cited 2

Efficient Hardware Hashing Functions for High Performance Computers

IEEE Transactions on Computers
Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
A fast string searching algorithm

Communications of the ACM
Efficient string matching: an aid to bibliographic search

Communications of the ACM
Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
A String Matching Algorithm Fast on the Average

Proceedings of the 6th Colloquium, on Automata, Languages and Programming
How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
Time and area efficient pattern matching on FPGAs

FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
Accurate, scalable in-network identification of p2p traffic using application signatures

Proceedings of the 13th international conference on World Wide Web
A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Scalable Pattern Matching for High Speed Networks

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Gigabit Rate Packet Pattern-Matching Using TCAM

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Fast hash table lookup using extended bloom filter: an aid to network processing

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Fast and scalable pattern matching for content filtering

Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Bit-split string-matching engines for intrusion detection and prevention

ACM Transactions on Architecture and Code Optimization (TACO)
Algorithms to accelerate multiple regular expressions matching for deep packet inspection

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient memory utilization on network processors for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Advanced algorithms for fast and scalable deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Automated worm fingerprinting

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
High Speed Pattern Matching for Network IDS/IPS

ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
XFA: Faster Signature Matching with Extended Automata

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro
A Memory-Efficient Parallel String Matching Architecture for High-Speed Intrusion Detection

IEEE Journal on Selected Areas in Communications

String alignment pre-detection using unique subsequences for FPGA-based network intrusion detection

Computer Communications
L-priorities bloom filter: A new member of the bloom filter family

International Journal of Automation and Computing

Quantified Score

Hi-index	0.24

Visualization

Abstract

Deep Packet Inspection (DPI) is essential for network security to scan both packet header and payload to search for predefined signatures. As link rates and traffic volumes of Internet are constantly growing, string matching using Deterministic Finite Automaton (DFA) will be the performance bottleneck of DPI. The recently proposed bit-split string matching algorithm suffers from the unnecessary state transitions problem. The root cause lies in the fact that the bit-split algorithm makes pattern matching in a ''not seeing the forest for trees'' approach, where each tiny DFA only processes a b-bit substring of each input character, but cannot check whether the entire character belongs to the alphabet of original DFA. This paper presents a byte- filtered string matching algorithm, where Bloom filters are used to preprocess each character of every incoming packet to check whether the character belongs to the original alphabet, before performing bit- split string matching. If not, each tiny DFA either makes a transition to its initial state or stops any state transition. Experimental results demonstrate that compared with the bit- split algorithm, our byte-filtered algorithm enormously reduces the string matching time as well as the number of state transitions of tiny DFAs on both synthetic and real signature rule sets.