Benchmarking of compressed DFAs for traffic identification: Decoupling data structures from models

Current network traffic analysis systems heavily rely on Deep Packet Inspection (DPI) techniques, such as Finite Automata (FA), to detect patterns carried by regular expression (regex). However, traditional Finite Automata cannot keep up with the ever-growing speed of the Internet links. Although there are a number of efficient FA compressing mechanisms for DPIs, there is no standardized or common way to evaluate and compare them. In this scenario, this paper proposes a methodology to evaluate and compare automaton models and the data-structures that materialize them. We also adapt state-of-the-art memory layouts to better fit in today's computer architectures. Finally, we apply our methodology to most important automaton models, memory layouts, and well-known signature sets. The results show us that some memory layouts are not efficient for regexes that represent small automata and other ones which fit only with uncompressed automata. Further, we also found out that theoretical studies about memory usage from memory encodings are not as accurate as they should be.

[1]  Patrick Crowley,et al.  An improved algorithm to accelerate regular expression evaluation , 2007, ANCS '07.

[2]  T. V. Lakshman,et al.  Fast and memory-efficient regular expression matching for deep packet inspection , 2006, 2006 Symposium on Architecture For Networking And Communications Systems.

[3]  Patrick Crowley,et al.  Algorithms to accelerate multiple regular expressions matching for deep packet inspection , 2006, SIGCOMM.

[4]  Patrick Crowley,et al.  Efficient regular expression evaluation: theory to practice , 2008, ANCS '08.

[5]  Li Guo,et al.  An efficient regular expressions compression algorithm from a new perspective , 2011, 2011 Proceedings IEEE INFOCOM.

[6]  Somesh Jha,et al.  XFA: Faster Signature Matching with Extended Automata , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[7]  Stefano Giordano,et al.  An improved DFA for fast regular expression matching , 2008, CCRV.

[8]  Stefano Giordano,et al.  Differential Encoding of DFAs for Fast Regular Expression Matching , 2011, IEEE/ACM Transactions on Networking.

[9]  Patrick Crowley,et al.  A workload for evaluating deep packet inspection architectures , 2008, 2008 IEEE International Symposium on Workload Characterization.

[10]  Kai Wang,et al.  Reorganized and Compact DFA for Efficient Regular Expression Matching , 2011, 2011 IEEE International Conference on Communications (ICC).

[11]  Judith Kelner,et al.  Characterizing signature sets for testing DPI systems , 2011, 2011 IEEE GLOBECOM Workshops (GC Wkshps).

[12]  Xiaofei Wang,et al.  Cache-Based Scalable Deep Packet Inspection with Predictive Automaton , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[13]  Anat Bremler-Barr,et al.  Space-time tradeoffs in software-based deep Packet Inspection , 2011, 2011 IEEE 12th International Conference on High Performance Switching and Routing.

[14]  Wei Zhang,et al.  A Memory Efficient Multiple Pattern Matching Architecture for Network Security , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[15]  Stefano Giordano,et al.  On the use of compressed DFAs for packet classification , 2010, 2010 15th IEEE International Workshop on Computer Aided Modeling, Analysis and Design of Communication Links and Networks (CAMAD).

[16]  Benfano Soewito,et al.  Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system , 2011, Comput. Networks.

[17]  VespaLucas,et al.  Deterministic finite automata characterization and optimization for scalable pattern matching , 2011 .

[18]  Benfano Soewito,et al.  Optimized memory based accelerator for scalable pattern matching , 2009, Microprocess. Microsystems.

[19]  Judith Kelner,et al.  Deterministic Finite Automaton for scalable traffic identification: The power of compressing by range , 2012, 2012 IEEE Network Operations and Management Symposium.

[20]  Lucas Vespa,et al.  Deterministic finite automata characterization and optimization for scalable pattern matching , 2011, TACO.