Advanced algorithms for fast and scalable deep packet inspection

Authors:
Sailesh Kumar;Jonathan Turner;John Williams
Affiliations:
Washington University;Washington University;Cisco Systems
Venue:
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Year:
2006

Citing 16
Cited 38

Average-case analysis of algorithms for matchings and related problems

Journal of the ACM (JACM)
Efficient string matching: an aid to bibliographic search

Communications of the ACM
Introduction To Automata Theory, Languages, And Computation

Introduction To Automata Theory, Languages, And Computation
A String Matching Algorithm Fast on the Average

Proceedings of the 6th Colloquium, on Automata, Languages and Programming
Space Efficient Hash Tables with Worst Case Constant Access Time

STACS '03 Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science
Granidt: Towards Gigabit Rate Network Intrusion Detection Technology

FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Implementation of a Content-Scanning Module for an Internet Firewall

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Enhancing byte-level network intrusion detection signatures with context

Proceedings of the 10th ACM conference on Computer and communications security
Generating realistic workloads for network intrusion detection systems

WOSP '04 Proceedings of the 4th international workshop on Software and performance
Deep Packet Filter with Dedicated Logic and Read Only Memories

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Fast Regular Expression Matching Using FPGAs

FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A High Throughput String Matching Architecture for Intrusion Detection and Prevention

Proceedings of the 32nd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro

Ruler: high-speed packet matching and rewriting on NPUs

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
An improved algorithm to accelerate regular expression evaluation

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Regular Expression Matching in Reconfigurable Hardware

Journal of Signal Processing Systems
A hybrid finite automaton for practical deep packet inspection

CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
An improved DFA for fast regular expression matching

ACM SIGCOMM Computer Communication Review
Efficient signature matching with multiple alphabet compression tables

Proceedings of the 4th international conference on Security and privacy in communication netowrks
Efficient regular expression evaluation: theory to practice

Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
A scalable multithreaded L7-filter design for multi-core servers

Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Extending finite automata to efficiently match Perl-compatible regular expressions

CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
PLUG: flexible lookup modules for rapid deployment of new protocols in high-speed routers

Proceedings of the ACM SIGCOMM 2009 conference on Data communication
DFA-based and SIMD NFA-based regular expression matching on cell BE for fast network traffic filtering

Proceedings of the 2nd international conference on Security of information and networks
APFA: Asynchronous Parallel Finite Automaton for Deep Packet Inspection in Cloud Computing

CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
Slimming down Deep packet inspection systems

INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Second-order differential encoding of deterministic finite automata

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Compact DFA structure for multiple regular expressions matching

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Accelerating the bit-split string matching algorithm using Bloom filters

Computer Communications
Design and implementation of the PLUG architecture for programmable and efficient network lookups

Proceedings of the 19th international conference on Parallel architectures and compilation techniques
Range hash for regular expression pre-filtering

Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
LaFA: lookahead finite automata for scalable regular expression detection

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
An adaptive hash-based multilayer scheduler for L7-filter on a highly threaded hierarchical multi-core server

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Divide and discriminate: algorithm for deterministic and fast hash lookups

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
An ultra high throughput and memory efficient pipeline architecture for multi-match packet classification without TCAMs

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
LaFA: lookahead finite automata for scalable regular expression detection

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Network DVR: a programmable framework for application-aware trace collection

PAM'10 Proceedings of the 11th international conference on Passive and active measurement
Fast regular expression matching using small TCAMs for network intrusion detection and prevention systems

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
SPAF: stateless FSA-based packet filters

IEEE/ACM Transactions on Networking (TON)
Differential encoding of DFAs for fast regular expression matching

IEEE/ACM Transactions on Networking (TON)
Managing DFA History with Queue for Deflation DFA

Journal of Network and Systems Management
Scalable lookahead regular expression detection system for deep packet inspection

IEEE/ACM Transactions on Networking (TON)
Deep packet inspection tools and techniques in commodity platforms: Challenges and trends

Journal of Network and Computer Applications
GPP-Grep: high-speed regular expression processing engine on general purpose processors

RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
A-DFA: A Time- and Space-Efficient DFA Compression Algorithm for Fast Regular Expression Evaluation

ACM Transactions on Architecture and Code Optimization (TACO)
Designing a Programmable Wire-Speed Regular-Expression Matching Accelerator

MICRO-45 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture
GPU acceleration of regular expression matching for large datasets: exploring the implementation space

Proceedings of the ACM International Conference on Computing Frontiers
Scalable TCAM-based regular expression matching with compressed finite automata

ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
Fast Regular Expression Matching Using Small TCAM

IEEE/ACM Transactions on Networking (TON)
A regular expression matching engine with hybrid memories

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

Modern deep packet inspection systems use regular expressions to define various patterns of interest in network data streams. Deterministic Finite Automata (DFA) are commonly used to parse regular expressions. DFAs are fast, but can require prohibitively large amounts of memory for patterns arising in network applications. Traditional DFA table compression only slightly reduces the memory required and requires an additional memory access per input character. Alternative representations of regular expressions, such as NFAs and Delayed Input DFAs (D2FA) require less memory but sacrifice throughput. In this paper we introduce the Content Addressed Delayed Input DFA (CD2FA), which provides a compact representation of regular expressions that match the throughput of traditional uncompressed DFAs. A CD2FA addresses successive states of a D2FA using their content, rather than a "content-less" identifier. This makes selected information available earlier in the state traversal process, which makes it possible to avoid unnecessary memory accesses. We demonstrate that such content-addressing can be effectively used to obtain automata that are very compact and can achieve high throughput. Specifically, we show that for an application using thousands of patterns defined by regular expressions, CD2FAs use as little as 10% of the space required by a conventional compressed DFA, and match the throughput of an uncompressed DFA.