Effective partial redundancy elimination
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Efficient multiway radix search trees
Information Processing Letters
DPF: fast, flexible message demultiplexing using dynamic code generation
Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
The art of computer programming, volume 3: (2nd ed.) sorting and searching
The art of computer programming, volume 3: (2nd ed.) sorting and searching
BPF+: exploiting global data-flow optimization in a generalized packet filter architecture
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Introduction to Automata Theory, Languages and Computability
Introduction to Automata Theory, Languages and Computability
Modern Compiler Implementation in Java
Modern Compiler Implementation in Java
Path Profile Guided Partial Redundancy Elimination Using Speculation
ICCL '98 Proceedings of the 1998 International Conference on Computer Languages
Profiling and Optimization of Software-Based Network-Analysis Applications
SBAC-PAD '03 Proceedings of the 15th Symposium on Computer Architecture and High Performance Computing
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Advanced algorithms for fast and scalable deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
FFPF: fairly fast packet filters
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
nCap: wire-speed packet capture and transmission
E2EMON '05 Proceedings of the End-to-End Monitoring Techniques and Services on 2005. Workshop
The BSD packet filter: a new architecture for user-level packet capture
USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings
Array bounds check elimination for the Java HotSpot™ client compiler
Proceedings of the 5th international symposium on Principles and practice of programming in Java
Ruler: high-speed packet matching and rewriting on NPUs
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
An improved algorithm to accelerate regular expression evaluation
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
A hybrid finite automaton for practical deep packet inspection
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Swift: a fast dynamic packet filter
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
XFA: Faster Signature Matching with Extended Automata
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Efficient regular expression evaluation: theory to practice
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
NetPDL: An extensible XML-based language for packet header description
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
We propose a stateless packet filtering technique based on finite-state automata (FSA). FSAs provide a comprehensive framework with well-defined composition operations that enable the generation of stateless filters from high-level specifications and their compilation into efficient executable code without resorting to various opportunistic optimization algorithms. In contrast with most traditional approaches, memory safety and termination can be enforced with minimal run-time overhead even in cyclic filters, thus enabling full parsing of complex protocols and supporting recursive encapsulation relationships. Experimental evidence shows that this approach is viable and improves the state of the art in terms of filter flexibility, performance, and scalability without incurring in the most common FSA deficiencies, such as state-space explosion.