Skip to main content
SpringerLink
Log in

Fast and Scalable Regular Expressions Matching with Multi-Stride Index NFA

  • Conference paper
  • First Online:
Algorithms and Architectures for Parallel Processing (ICA3PP 2015)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9530))

Abstract

Regular expression matching plays an important role in modern Deep Packet Inspection (DPI) engines, to classify or filter packets by matching their payloads toward a series of pre-defined rules represented as regular expressions. Generally, finite automaton-based approaches are utilized to perform fast and scalable regular expression matching. Among those approaches, Deterministic Finite Automaton (DFA) has the fastest speed yet suffers from the state space explosion problem. By contrast, Nondeterministic Finite Automaton (NFA) can achieve the highest memory efficiency at the cost of complicated and thus low-speed matching process.Instead of seeking for a reasonable trade-off between memory efficiency and processing throughput from DFA, this paper chooses the NFA as the start point for optimization. Based on two important observations, a Multi-Stride Index (MSI) table is designed for pre-processing before going into the NFA. As the MSI table can filter most of unsuccessful matchings and thus significantly reduce the chance of processing on the NFA, the proposed MSI-NFA approach achieves a fast speed approximate to the DFA when processing real-world HTTP packets. As demonstrated in the experimental results, its speed is at most \(10\,\%\) lower than that of DFA. Moreover, the additional memory cost is as low as 20 KB compared with NFA.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    A group of n continuous characters.

References

  1. Cisco IOS IPS (2015). http://www.cisco.com/

  2. Regular Expression Pocessor (2015). http://regex.wustl.edu

  3. Snort Website (2015). http://www.snort.org/

  4. TippingPoint IPS (2015). http://www.tippingpoint.com/

  5. Alicherry, M., Muthuprasanna, M., Kumar, V.: High speed pattern matching for network ids/ips. In: Proceedings of the 2006 14th IEEE International Conference on Network Protocols, 2006, ICNP 2006, pp. 187–196, November 2006

    Google Scholar 

  6. Brodie, B., Cytron, R., Taylor, D.: A scalable architecture for high-throughput regular-expression pattern matching. In: 33rd International Symposium on Computer Architecture, 2006, ISCA 2006, pp. 191–202, April 2006

    Google Scholar 

  7. Clark, C.R., Schimmel, D.E.: Efficient reconfigurable logic circuits for matching complex network intrusion detection patterns. In: Cheung, Peter Y.K., Constantinides, George A. (eds.) FPL 2003. LNCS, vol. 2778, pp. 956–959. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  8. Clark, C., Schimmel, D.: Scalable pattern matching for high speed networks. In: 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2004, FCCM 2004, pp. 249–257, April 2004

    Google Scholar 

  9. Dharmapurikar, S., Lockwood, J.: Fast and scalable pattern matching for content filtering. In: Proceedings of the 2005 ACM Symposium on Architecture for Networking and Communications Systems, ANCS 2005, pp. 183–192. ACM (2005)

    Google Scholar 

  10. Hua, N., Song, H., Lakshman, T.: Variable-stride multi-pattern matching for scalable deep packet inspection. In: INFOCOM 2009. IEEE, April 2009

    Google Scholar 

  11. Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In: Proceedings of the 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM 2006. ACM (2006)

    Google Scholar 

  12. Lu, H., Zheng, K., Liu, B., Zhang, X., Liu, Y.: A memory-efficient parallel string matching architecture for high-speed intrusion detection. IEEE J. Sel. Areas Commun. 24(10), 1793–1804 (2006)

    Article  Google Scholar 

  13. Luchaup, D., De Carli, L., Jha, S., Bach, E.: Deep packet inspection with dfa-trees and parametrized language overapproximation. In: INFOCOM, 2014 Proceedings IEEE, pp. 531–539, April 2014

    Google Scholar 

  14. Paxson, V.: Application Layer Packet Classifier for Linux (2008). http://l7-filter.sourceforge.net/. Accessed 19 July 2008

  15. Paxson, V., Asanović, K., Dharmapurikar, S., Lockwood, J., Pang, R., Sommer, R., Weaver, N.: Rethinking hardware support for network analysis and intrusion prevention. In: Proceedings of the 1st USENIX Workshop on Hot Topics in Security, p. 11 (2006)

    Google Scholar 

  16. Paxson, V.: Bro: A system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435–2463 (1999)

    Article  Google Scholar 

  17. Sen, S., Spatscheck, O., Wang, D.: Accurate, scalable in-network identification of P2P traffic using application signatures. In: Proceedings of WWW.Manhantan. ACM (2004)

    Google Scholar 

  18. Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration (1999)

    Google Scholar 

  19. Sidhu, R., Prasanna, V.: Fast regular expression matching using fpgas. In: The 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2001, FCCM 2001, pp. 227–238, March 2001

    Google Scholar 

  20. Smith, R., Estan, C., Jha, S.: Xfa: Faster signature matching with extended automata. In: IEEE Symposium on Security and Privacy, 2008, SP 2008, May 2008

    Google Scholar 

  21. Smith, R., Estan, C., Jha, S.: Deflating the big bang: fast and scalable deep packet inspection with extended finite automata. In: Proceedings of the ACM SIGCOMM 2008 Conference on Data Communication, SIGCOMM 2008. ACM (2008)

    Google Scholar 

  22. Sourdis, I., Pnevmatikatos, D.: Pre-decoded cams for efficient and high-speed nids pattern matching. In: 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2004, FCCM 2004, pp. 258–267, April 2004

    Google Scholar 

  23. Tan, L., Brotherton, B., Sherwood, T.: Bit-split string-matching engines for intrusion detection and prevention. ACM Trans. Archit. Code Optim. 3(1), 3–34 (2006)

    Article  Google Scholar 

  24. Yu, F., Chen, Z., Diao, Y., Lakshman, T., Katz, R.: Fast and memory-efficient regular expression matching for deep packet inspection. In: ACM/IEEE Symposium on Architecture for Networking and Communications systems, 2006, ANCS 2006, pp. 93–102, December 2006

    Google Scholar 

  25. Yu, F., Katz, R., Lakshman, T.: Gigabit rate packet pattern-matching using tcam. In: Proceedings of the 12th IEEE International Conference on Network Protocols, 2004, ICNP 2004, pp. 174–183 October 2004

    Google Scholar 

  26. Yu, X., Becchi, M.: Gpu acceleration of regular expression matching for large datasets: exploring the implementation space. In: Proceedings of the ACM International Conference on Computing Frontiers, CF 2013. ACM (2013)

    Google Scholar 

  27. Zu, Y., Yang, M., Xu, Z., Wang, L., Tian, X., Peng, K., Dong, Q.: Gpu-based nfa implementation for memory efficient high speed regular expression matching. In: Proceedings of the 17th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, PPoPP 2012, pp. 129–140. ACM (2012)

    Google Scholar 

Download references

Acknowledgments

This work is supported by the National Science Foundation of China under Grant 61173167, 61472130, the National Basic Research Program of China (973) under Grant 2012CB315805, the Prospective Research Project on Future Networks of Jiangsu Future Networks Innovation Institute under Grant BY2013095-1-05, and the Hunan Provincial Innovation Foundation For Postgraduate under Grant CX2014B150.

Author information

Authors and Affiliations

  1. College of Computer Science and Electronic Engineering, Hunan University, Changsha, 410082, China

    Sheng Huo, Dafang Zhang & Yanbiao Li

Authors
  1. Sheng Huo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dafang Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yanbiao Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dafang Zhang .

Editor information

Editors and Affiliations

  1. Central South University, Changsha, China

    Guojun Wang

  2. The University of Sydney, Sydney, New South Wales, Australia

    Albert Zomaya

  3. University of Murcia, Murcia, Murcia, Spain

    Gregorio Martinez

  4. Hunan University, Changsha, China

    Kenli Li

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Huo, S., Zhang, D., Li, Y. (2015). Fast and Scalable Regular Expressions Matching with Multi-Stride Index NFA. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science(), vol 9530. Springer, Cham. https://doi.org/10.1007/978-3-319-27137-8_43

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-27137-8_43

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27136-1

  • Online ISBN: 978-3-319-27137-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation