Space-time tradeoffs in software-based Deep Packet Inspection

Deep Packet Inspection (DPI) lies at the core of contemporary Network Intrusion Detection/Prevention Systems and Web Application Firewalls. DPI aims to identify various malware (including spam and viruses) by inspecting both the header and the payload of each packet and comparing them to a known set of patterns. DPI is often performed on the critical path of packet processing, so the overall performance of the security tools is dominated by the speed of DPI.
