Abstract
Packet content scanning at high speed has become extremely important due to its applications in network security, network monitoring, HTTP load balancing, etc. In content scanning, the packet payload is compared to a set of patterns specified as regular expressions. In this chapter, we first describe the typical patterns used in packet-scanning applications and show that for some of these patterns the memory requirements can be prohibitively high when traditional matching methods are used. We then review techniques for efficient regular expression matching and explore regular expression rewrite techniques that can significantly reduce memory usage. Based on new rewrite insights, we propose guidelines for pattern writers to make matching fast and practical. Furthermore, we discuss deterministic finite automaton (DFA) link compression techniques and review algorithms and data structures that are specifically designed for matching regular expressions in networking applications.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bro intrusion detection system. http://bro-ids.org/Overview.html.
Gnu grep tool. http://www.gnu.org/software/grep/.
Snort network intrusion detection system. http://www.snort.org.
A. V. Aho, R. Sethi, and J. D. Ullman. Compilers: principles, techniques, and tools. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1986.
Y. Diao, M. Altinel, M. J. Franklin, H. Zhang, and P. Fischer. Path sharing and predicate evaluation for high-performance xml filtering. ACM Trans. Database Syst., 28(4):467–516, 2003.
T. J. Green, A. Gupta, G. Miklau, M. Onizuka, and D. Suciu. Processing xml streams with deterministic automata and stream indexes. ACM Trans. Database Syst., 29(4):752–788, 2004.
T. J. Green, A. Gupta, G. Miklau, M. Onizuka, and D. Suciu. Processing xml streams with deterministic automata and stream indexes. ACM Trans. Database Syst., 29(4):752–788, 2004.
J. E. Hopcroft, R. Motwani, and J. D. Ullman. Introduction to Automata Theory, Languages, and Computation (3rd Edition). Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2006.
T. Johnson, S. Muthukrishnan, and I. Rozenbaum. Monitoring regular expressions on out-of-order streams. In ICDE, 2007.
S. Kumar, B. Chandrasekaran, J. Turner, and G. Varghese. Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In ANCS ’07: Proceedings of the 2007 ACM/IEEE Symposium on Architecture for networking and communications systems, pages 155–164, 2007.
S. Kumar, S. Dharmapurikar, F. Yu, P. Crowley, and J. Turner. Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In SIGCOMM ’06: Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, pages 339–350, 2006.
J. Levandoski, E. Sommer, and M. Strait. Application layer packet classifier for linux. http://l7-filter.sourceforge.net/.
V. Paxson. Flex: A fast scanner generator. http://dinosaur.compilertools.net/flex/index.html.
R. Sommer and V. Paxson. Enhancing byte-level network intrusion detection signatures with context. In CCS ’03: Proceedings of the 10th ACM conference on Computer and communications security, pages 262–271, 2003.
Venkat. Yahoo messenger protocol. http://www.venkydude.com/articles/yahoo.htm/.
F. Yu, Z. Chen, Y. Diao, T. V. Lakshman, and R. H. Katz. Fast and memory-efficient regular expression matching for deep packet inspection. In ANCS ’06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems, pages 93–102, 2006.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag London Limited
About this chapter
Cite this chapter
Yu, F., Diao, Y., Katz, R.H., Lakshman, T.V. (2010). Fast Packet Pattern-Matching Algorithms. In: Cormode, G., Thottan, M. (eds) Algorithms for Next Generation Networks. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-84882-765-3_10
Download citation
DOI: https://doi.org/10.1007/978-1-84882-765-3_10
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-84882-764-6
Online ISBN: 978-1-84882-765-3
eBook Packages: Computer ScienceComputer Science (R0)