GPP-Grep: high-speed regular expression processing engine on general purpose processors

Authors:
Victor C. Valgenti;Jatin Chhugani;Yan Sun;Nadathur Satish;Min Sik Kim;Changkyu Kim;Pradeep Dubey
Affiliations:
School of EECS, Washington State University;Parallel Computing Lab, Intel Corporation;School of EECS, Washington State University;Parallel Computing Lab, Intel Corporation;School of EECS, Washington State University;Parallel Computing Lab, Intel Corporation;Parallel Computing Lab, Intel Corporation
Venue:
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Year:
2012

Citing 26
Cited 0

Programming Techniques: Regular expression search algorithm

Communications of the ACM
An Empirical Study of Domain Knowledge and Its Benefits to Substructure Discovery

IEEE Transactions on Knowledge and Data Engineering
GraphDB: Modeling and Querying Graphs in Databases

VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Path sharing and predicate evaluation for high-performance XML filtering

ACM Transactions on Database Systems (TODS)
Operational experiences with high-volume network intrusion detection

Proceedings of the 11th ACM conference on Computer and communications security
NFA reduction algorithms by means of regular inequalities

Theoretical Computer Science - Developments in language theory
Erratum to "NFA reduction algorithms by means of regular inequalities" [Theoret. Comput. Sci. 327(2004) 241-253]

Theoretical Computer Science
Algorithms to accelerate multiple regular expressions matching for deep packet inspection

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Advanced algorithms for fast and scalable deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Minimizing nfa's and regular expressions

Journal of Computer and System Sciences
Compiling PCRE to FPGA for accelerating SNORT IDS

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Larrabee: a many-core x86 architecture for visual computing

ACM SIGGRAPH 2008 papers
A hybrid finite automaton for practical deep packet inspection

CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
XFA: Faster Signature Matching with Extended Automata

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
High-performance regular expression scanning on the Cell/B.E. processor

Proceedings of the 23rd international conference on Supercomputing
Extending finite automata to efficiently match Perl-compatible regular expressions

CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Scalable HMM based inference engine in large vocabulary continuous speech recognition

ICME'09 Proceedings of the 2009 IEEE international conference on Multimedia and Expo
Tools for Very Fast Regular Expression Matching

Computer
iNFAnt: NFA pattern matching on GPGPU devices

ACM SIGCOMM Computer Communication Review
Evaluating regular expression matching engines on network and general purpose processors

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Improving NFA-based signature matching using ordered binary decision diagrams

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Fast regular expression matching using small TCAMs for network intrusion detection and prevention systems

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
A Performance and Area Efficient Architecture for Intrusion Detection Systems

IPDPS '11 Proceedings of the 2011 IEEE International Parallel & Distributed Processing Symposium

Quantified Score

Hi-index	0.00

Visualization

Abstract

Deep Packet Inspection (DPI) serves as a major tool for Network Intrusion Detection Systems (NIDS) for matching datagram payloads to a set of known patterns that indicate suspicious or malicious behavior. Regular expressions offer rich context for describing these patterns. Unfortunately, large rule sets containing thousands of patterns coupled with high link-speeds leave most regular expression matching methods incapable of matching at real-time without specialized hardware. We present GPP-grep, an NFA-based regular expression processing engine designed for maximum performance on General Purpose Processors. The primary contribution of GPP-grep is the utilization of the data-level parallelism available in modern CPUs to reduce the overhead incurred when tracking multiple states in NFA. In essence, we build and store the NFA in an architecture-friendly manner that exploits locality and then traverse the NFA maximizing the parallelism available and minimizing cache-misses and long-latency memory lookups. GPPgrep demonstrates 24---57× improvement in throughput over standard finite automata techniques on a set of up to 1200 regular-expressions culled from the NIDS Snort, and is within 1.3× of FPGA hardware-based techniques. GPP-grep achieves 2Gbps throughput on a dual-socket commodity CPU system allowing for line-speed evaluation on commodity hardware.