Skip to main content
SpringerLink
Log in

RICS-DFA: Reduced Input Character Set DFA for Memory-Efficient Regular Expression Matching

  • Conference paper
  • First Online:
Applications and Techniques in Information Security (ATIS 2015)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 557))

Abstract

Regular expression matching as a core component of deep packet inspection (DPI) is widely used in various kinds of modern network intrusion detection system (NIDS), traffic classification system and network monitoring system, etc. In these systems, regular expressions are typically converted to deterministic finite automaton (DFA), and the DFA is used to scan and check each byte of incoming packet’s payload against regular expression rule sets to judge whether current packet is matched by any rule sets. If matched, it means the packet contains specific attacks, viruses, and so on. However, the DFA generally consumes a large amount of memory. Many recent improvement work mainly focus on how to reduce the amount of memory requirement. Like the previous work, in this paper we propose a compact, time-efficient and novel DFA structure to significantly decrease the DFA’s space, the new DFA called Reduced Input Character Set DFA (RICS-DFA). A character escaping and replacing scheme is first introduced to decrease DFA’s character set size and then to reduce DFA’s space requirement with a series of optimization techniques based on RICS-DFA. A RICS-DFA is constructed by transition rewriting. Experimental results on real-life rule-sets reveal that compared to the original DFA, the RICS-DFA reduces the memory consumption by 68 %–92 % while sacrificing trivial matching speed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.snort.org/.

  2. 2.

    https://www.bro.org/.

  3. 3.

    http://l7-filter.sourceforge.net/.

References

  1. La Polla, M., Martinelli, F., Sgandurra, D.: A survey on security for mobile devices. IEEE Commun. Surv. Tutor. 15(1), 446–471 (2013)

    Article  Google Scholar 

  2. Oh, J.-S., Park, M.-W., Chung, T.-M.: Enhancing security of the android platform via multi-level security model. In: Batten, L., Li, G., Niu, W., Warren, M. (eds.) ATIS 2014. CCIS, vol. 490, pp. 13–24. Springer, Heidelberg (2014)

    Google Scholar 

  3. Yu, F., Chen, Z., Diao, Y., Lakshman, T.V., Katz, R.H.: Fast and memory-efficient regular expression matching for deep packet inspection. In: ACM/IEEE Symposium on Architecture for Networking and Communications Systems, ANCS 2006, pp. 93–102. IEEE (2006)

    Google Scholar 

  4. Liu, T., Yang, Y., Liu, Y., Sun, Y., Guo, L.: An efficient regular expressions compression algorithm from a new perspective. In: INFOCOM, 2011 Proceedings IEEE, pp. 2129–2137. IEEE (2011)

    Google Scholar 

  5. Kumar, S., Dharmapurikar, S., Fang, Y., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. ACM SIGCOMM Comput. Commun. Rev. 36(4), 339–350 (2006)

    Article  Google Scholar 

  6. Becchi, M., Crowley, P.: A-DFA: a time- and space-efficient DFA compression algorithm for fast regular expression evaluation. ACM Trans. Archit. Code Optim. 10(1), 4:1–4:26 (2013)

    Article  Google Scholar 

  7. Ficara, D., Giordano, S., Procissi, G., Vitucci, F., Antichi, G., Di Pietro, A.: An improved DFA for fast regular expression matching. ACM SIGCOMM Comput. Commun. Rev. 38(5), 29–40 (2008)

    Article  Google Scholar 

  8. Najam, M., Younis, U., Rasool, R.U.: Speculative parallel pattern matching using stride-k DFA for deep packet inspection. J. Netw. Comput. Appl. 54, 78–87 (2015)

    Article  Google Scholar 

  9. Patel, J., Liu, A.X., Torng, E.: Bypassing space explosion in high-speed regular expression matching. IEEE/ACM Trans. Netw. (TON) 22(6), 1701–1714 (2014)

    Article  Google Scholar 

  10. Aoe, J.: An efficient digital search algorithm by using a double-array structure. IEEE Trans. Softw. Eng. 15(9), 1066–1077 (1989)

    Article  Google Scholar 

  11. Becchi, M.: Regex tool. http://regex.wustl.edu/

Download references

Acknowledgments

This work is supported by National Natural Science Foundation of China (Nos. 61402475 and 61303171).

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China

    Qiu Tang, Lei Jiang, Qiong Dai, Majing Su & Hongtao Xie

Authors
  1. Qiu Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lei Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qiong Dai
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Majing Su
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Hongtao Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lei Jiang .

Editor information

Editors and Affiliations

  1. Chinese Academy of Sciences, Beijing, China

    Wenjia Niu

  2. Deakin University, Burwood, Victoria, Australia

    Gang Li

  3. Beijing Jiaotong University, Beijing, China

    Jiqiang Liu

  4. Chinese Academy of Sciences, Beijing, China

    Jianlong Tan

  5. Chinese Academy of Sciences, Beijing, China

    Li Guo

  6. Beijing Jiaotong University, Beijing, China

    Zhen Han

  7. Fac. Science&Technology, Deakin University, Burwood, Victoria, Australia

    Lynn Batten

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tang, Q., Jiang, L., Dai, Q., Su, M., Xie, H. (2015). RICS-DFA: Reduced Input Character Set DFA for Memory-Efficient Regular Expression Matching. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-48683-2_23

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-48682-5

  • Online ISBN: 978-3-662-48683-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation