Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Fast Regular Expression Matching Using FPGAs
FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A High Throughput String Matching Architecture for Intrusion Detection and Prevention
Proceedings of the 32nd annual international symposium on Computer Architecture
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching
Proceedings of the 33rd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Advanced algorithms for fast and scalable deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)
Compiling PCRE to FPGA for accelerating SNORT IDS
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
An improved algorithm to accelerate regular expression evaluation
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
A hybrid finite automaton for practical deep packet inspection
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
An improved DFA for fast regular expression matching
ACM SIGCOMM Computer Communication Review
Efficient signature matching with multiple alphabet compression tables
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Efficient regular expression evaluation: theory to practice
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Extending finite automata to efficiently match Perl-compatible regular expressions
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
A Multi-dimensional Progressive Perfect Hashing for High-Speed String Matching
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
Picking pesky parameters: optimizing regular expression matching in practice
ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
| Hi-index | 0.00 |
Modern network intrusion detection systems need to perform regular expression matching at line rate in order to detect the occurrence of critical patterns in packet payloads. While Deterministic Finite Automata (DFAs) allow this operation to be performed in linear time, they may exhibit prohibitive memory requirements. Kumar et al. [2006a] have proposed Delayed Input DFAs (D2FAs), which provide a trade-off between the memory requirements of the compressed DFA and the number of states visited for each character processed, which in turn affects the memory bandwidth required to evaluate regular expressions. In this article we introduce Amortized time − bandwidth overhead DFAs (A − DFAs), a general compression technique that results in at most N(k + 1)/k state traversals when processing a string of length N, k being a positive integer. In comparison to the D2FA approach, our technique achieves comparable levels of compression with lower provable bounds on memory bandwidth (or greater compression for a given bandwidth bound). Moreover, the A-DFA algorithm has lower complexity, can be applied during DFA creation, and is suitable for scenarios where a compressed DFA needs to be dynamically built or updated. Finally, we show how to combine A-DFA with alphabet reduction and multistride DFAs, two techniques aimed at reducing the memory space and bandwidth requirement of DFAs, and discuss memory encoding schemes suitable for A-DFAs.