Skip to main content
SpringerLink
Log in

Fast Packet Pattern-Matching Algorithms

  • Chapter
  • First Online:
Algorithms for Next Generation Networks

Part of the book series: Computer Communications and Networks ((CCN))

Abstract

Packet content scanning at high speed has become extremely important due to its applications in network security, network monitoring, HTTP load balancing, etc. In content scanning, the packet payload is compared to a set of patterns specified as regular expressions. In this chapter, we first describe the typical patterns used in packet-scanning applications and show that for some of these patterns the memory requirements can be prohibitively high when traditional matching methods are used. We then review techniques for efficient regular expression matching and explore regular expression rewrite techniques that can significantly reduce memory usage. Based on new rewrite insights, we propose guidelines for pattern writers to make matching fast and practical. Furthermore, we discuss deterministic finite automaton (DFA) link compression techniques and review algorithms and data structures that are specifically designed for matching regular expressions in networking applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    This study is based on the use of exhaustive matching and one-pass search defined in [16].

  2. 2.

    The techniques presented in this chapter assume packets are reassembled into a stream before checking for patterns. For pattern matching on out of order packets, please refer to [9].

References

  1. Bro intrusion detection system. http://bro-ids.org/Overview.html.

  2. Gnu grep tool. http://www.gnu.org/software/grep/.

  3. Snort network intrusion detection system. http://www.snort.org.

  4. A. V. Aho, R. Sethi, and J. D. Ullman. Compilers: principles, techniques, and tools. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1986.

    Google Scholar 

  5. Y. Diao, M. Altinel, M. J. Franklin, H. Zhang, and P. Fischer. Path sharing and predicate evaluation for high-performance xml filtering. ACM Trans. Database Syst., 28(4):467–516, 2003.

    Article  Google Scholar 

  6. T. J. Green, A. Gupta, G. Miklau, M. Onizuka, and D. Suciu. Processing xml streams with deterministic automata and stream indexes. ACM Trans. Database Syst., 29(4):752–788, 2004.

    Article  Google Scholar 

  7. T. J. Green, A. Gupta, G. Miklau, M. Onizuka, and D. Suciu. Processing xml streams with deterministic automata and stream indexes. ACM Trans. Database Syst., 29(4):752–788, 2004.

    Article  Google Scholar 

  8. J. E. Hopcroft, R. Motwani, and J. D. Ullman. Introduction to Automata Theory, Languages, and Computation (3rd Edition). Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2006.

    Google Scholar 

  9. T. Johnson, S. Muthukrishnan, and I. Rozenbaum. Monitoring regular expressions on out-of-order streams. In ICDE, 2007.

    Google Scholar 

  10. S. Kumar, B. Chandrasekaran, J. Turner, and G. Varghese. Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In ANCS ’07: Proceedings of the 2007 ACM/IEEE Symposium on Architecture for networking and communications systems, pages 155–164, 2007.

    Google Scholar 

  11. S. Kumar, S. Dharmapurikar, F. Yu, P. Crowley, and J. Turner. Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In SIGCOMM ’06: Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, pages 339–350, 2006.

    Google Scholar 

  12. J. Levandoski, E. Sommer, and M. Strait. Application layer packet classifier for linux. http://l7-filter.sourceforge.net/.

  13. V. Paxson. Flex: A fast scanner generator. http://dinosaur.compilertools.net/flex/index.html.

  14. R. Sommer and V. Paxson. Enhancing byte-level network intrusion detection signatures with context. In CCS ’03: Proceedings of the 10th ACM conference on Computer and communications security, pages 262–271, 2003.

    Google Scholar 

  15. Venkat. Yahoo messenger protocol. http://www.venkydude.com/articles/yahoo.htm/.

  16. F. Yu, Z. Chen, Y. Diao, T. V. Lakshman, and R. H. Katz. Fast and memory-efficient regular expression matching for deep packet inspection. In ANCS ’06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems, pages 93–102, 2006.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Microsoft Research Silicon Valley, 1065 La Avenida, Mountain View, CA, 94043, U.S.A.

    Fang Yu

  2. Department of Computer Science, University of Massachussets Amherst, 140 Governors Drive, Amherst, MA, 01003, U.S.A.

    Yanlei Diao

  3. Electrical Engineering and Computer Science Department, University of California Berkeley, Berkeley, CA, 94720, U.S.A.

    Randy H. Katz

  4. Bell-Labs, Alcatel-Lucent, 600 Mountain Avenue, Murray Hill, NJ, 07974, U.S.A.

    T. V. Lakshman

Authors
  1. Fang Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yanlei Diao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Randy H. Katz
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. T. V. Lakshman
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fang Yu .

Editor information

Editors and Affiliations

  1. AT & T Labs Research, Park Ave. 180, Florham Park, 07932, U.S.A.

    Graham Cormode

  2. Networking Research Lab., Bell Labs, Mountain Ave. 600-700, Murray Hill, 07974, U.S.A.

    Marina Thottan

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag London Limited

About this chapter

Cite this chapter

Yu, F., Diao, Y., Katz, R.H., Lakshman, T.V. (2010). Fast Packet Pattern-Matching Algorithms. In: Cormode, G., Thottan, M. (eds) Algorithms for Next Generation Networks. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-84882-765-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-1-84882-765-3_10

  • Published:

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84882-764-6

  • Online ISBN: 978-1-84882-765-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation