Abstract
Regular expression matching as a core component of deep packet inspection (DPI) is widely used in various kinds of modern network intrusion detection system (NIDS), traffic classification system and network monitoring system, etc. In these systems, regular expressions are typically converted to deterministic finite automaton (DFA), and the DFA is used to scan and check each byte of incoming packet’s payload against regular expression rule sets to judge whether current packet is matched by any rule sets. If matched, it means the packet contains specific attacks, viruses, and so on. However, the DFA generally consumes a large amount of memory. Many recent improvement work mainly focus on how to reduce the amount of memory requirement. Like the previous work, in this paper we propose a compact, time-efficient and novel DFA structure to significantly decrease the DFA’s space, the new DFA called Reduced Input Character Set DFA (RICS-DFA). A character escaping and replacing scheme is first introduced to decrease DFA’s character set size and then to reduce DFA’s space requirement with a series of optimization techniques based on RICS-DFA. A RICS-DFA is constructed by transition rewriting. Experimental results on real-life rule-sets reveal that compared to the original DFA, the RICS-DFA reduces the memory consumption by 68 %–92 % while sacrificing trivial matching speed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
La Polla, M., Martinelli, F., Sgandurra, D.: A survey on security for mobile devices. IEEE Commun. Surv. Tutor. 15(1), 446–471 (2013)
Oh, J.-S., Park, M.-W., Chung, T.-M.: Enhancing security of the android platform via multi-level security model. In: Batten, L., Li, G., Niu, W., Warren, M. (eds.) ATIS 2014. CCIS, vol. 490, pp. 13–24. Springer, Heidelberg (2014)
Yu, F., Chen, Z., Diao, Y., Lakshman, T.V., Katz, R.H.: Fast and memory-efficient regular expression matching for deep packet inspection. In: ACM/IEEE Symposium on Architecture for Networking and Communications Systems, ANCS 2006, pp. 93–102. IEEE (2006)
Liu, T., Yang, Y., Liu, Y., Sun, Y., Guo, L.: An efficient regular expressions compression algorithm from a new perspective. In: INFOCOM, 2011 Proceedings IEEE, pp. 2129–2137. IEEE (2011)
Kumar, S., Dharmapurikar, S., Fang, Y., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. ACM SIGCOMM Comput. Commun. Rev. 36(4), 339–350 (2006)
Becchi, M., Crowley, P.: A-DFA: a time- and space-efficient DFA compression algorithm for fast regular expression evaluation. ACM Trans. Archit. Code Optim. 10(1), 4:1–4:26 (2013)
Ficara, D., Giordano, S., Procissi, G., Vitucci, F., Antichi, G., Di Pietro, A.: An improved DFA for fast regular expression matching. ACM SIGCOMM Comput. Commun. Rev. 38(5), 29–40 (2008)
Najam, M., Younis, U., Rasool, R.U.: Speculative parallel pattern matching using stride-k DFA for deep packet inspection. J. Netw. Comput. Appl. 54, 78–87 (2015)
Patel, J., Liu, A.X., Torng, E.: Bypassing space explosion in high-speed regular expression matching. IEEE/ACM Trans. Netw. (TON) 22(6), 1701–1714 (2014)
Aoe, J.: An efficient digital search algorithm by using a double-array structure. IEEE Trans. Softw. Eng. 15(9), 1066–1077 (1989)
Becchi, M.: Regex tool. http://regex.wustl.edu/
Acknowledgments
This work is supported by National Natural Science Foundation of China (Nos. 61402475 and 61303171).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tang, Q., Jiang, L., Dai, Q., Su, M., Xie, H. (2015). RICS-DFA: Reduced Input Character Set DFA for Memory-Efficient Regular Expression Matching. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_23
Download citation
DOI: https://doi.org/10.1007/978-3-662-48683-2_23
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48682-5
Online ISBN: 978-3-662-48683-2
eBook Packages: Computer ScienceComputer Science (R0)