A Comparative Study on DFA-Based Pattern Matching for Deep Packet Inspection

Most network security applications in today's networks are based on Deep Packet Inspection (DPI). DPI is a form of computer network packet filtering that examines not only the header but also the payload of a packet as it passes through an inspection point, searching for protocol noncompliance, viruses, spam, intrusions, or other predefined criteria to decide whether the packet can pass or needs to be routed to a different destination. Most systems that perform deep packet inspection implement basic string matching algorithms to match packets against large but finite strings. However, there is growing interest in regular expression-based pattern matching, since regular expressions offer superior expressive power. Deterministic finite automata (DFA) are employed to implement regular expression matching. DFA representations of the regular expression sets used in network applications require large amounts of memory, limiting their practical application. This paper presents an analysis of different compact representations of DFA, such as D2FA, δFA, and δ2FA.
