Deep Packet Inspection (DPI) serves as a major tool for Network Intrusion Detection Systems (NIDS) for matching datagram payloads to a set of known patterns that indicate suspicious or malicious behavior. Regular expressions offer rich context for describing these patterns. Unfortunately, large rule sets containing thousands of patterns, coupled with high link speeds, leave most regular expression matching methods incapable of matching in real time without specialized hardware. We present GPP-grep, an NFA-based regular expression processing engine designed for maximum performance on General Purpose Processors. The primary contribution of GPP-grep is the utilization of the data-level parallelism available in modern CPUs to reduce the overhead incurred when tracking multiple states in an NFA. In essence, we build and store the NFA in an architecture-friendly manner that exploits locality and then traverse the NFA, maximizing the parallelism available and minimizing cache misses and long-latency memory lookups. GPP-grep demonstrates 24-57× improvement in throughput over standard finite automata techniques on a set of up to 1200 regular expressions culled from the NIDS Snort, and is within 1.3× of FPGA hardware-based techniques. GPP-grep achieves 2 Gbps throughput on a dual-socket commodity CPU system, allowing for line-speed evaluation on commodity hardware.