Presentation is loading. Please wait.

Presentation is loading. Please wait.

SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher:

Published byCoral Carson Modified over 8 years ago

Similar presentations

Presentation on theme: "SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher:"— Presentation transcript:

1 SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher: Performance Switching and Routing (HPSR), 2013 Present: Pei-Hua Huang Date: 2014/05/14 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

2 INTRODUCTION There is a space-time trade-off : NFAs are compact but slow, DFAs are fast but space hungry An ideal finite automata should thus have the processing speed of a DFA and space requirements of an NFA Computer & Internet Architecture Lab CSIE, National Cheng Kung University 2

3 STATE-EXPLOSION A phenomenon called exponential state blowup (or state explosion) happens when the regex corresponding to the NFA has following constructs Counting Constraints 1).{n,m} : wildcard repetition between n~m times 2).{n,} : wildcard repetition at least n times 3).{n} : wildcard repetition exactly n times Kleene Star (.*) Conditions unbounded wildcard repetitions Computer & Internet Architecture Lab CSIE, National Cheng Kung University 3

4 SUB-EXPRESSION INTEGRATED DFA (SI-DFA) Break an expression into parts at blowup conditions and merge them into an integrated DFA break regexes into parts called sub-expressions using kleene star conditions as delimiters create a merged DFA for all the sub-expressions. The accepting states of DFA are labeled as Final Accepting States (FAS) or Sub-expression Accepting States (SAS) Computer & Internet Architecture Lab CSIE, National Cheng Kung University 4

5 SUB-EXPRESSION INTEGRATED DFA (SI-DFA) A regex is accepted if its constituent sub- expressions are accepted in the right order A link bit is associated with every sub- expression, whose addresses are specified in an Association Table Computer & Internet Architecture Lab CSIE, National Cheng Kung University 5

6 Ex. ab.*cd and lm Computer & Internet Architecture Lab CSIE, National Cheng Kung University 6 SUB-EXPRESSION INTEGRATED DFA (SI-DFA) Consider a traffic trace cdablmcd

7 Cases not Conforming with SI-DFA Pseudo wildcard repetitions a forbidden character table is constructed with occurrence of forbidden character x tied to invalidate the link bit corresponding to sub- expression ab forbidden characters occur in subsequent sub- expression cannot be handled by SI-DFA Ex. RE = ab[ˆx]*cxd input = abmcxd Computer & Internet Architecture Lab CSIE, National Cheng Kung University 7

8 Subsequent sub-expressions overlap SI-DFA should start matching a sub-expression only after a subsequent sub-expression has already been accepted Ex. RE = ab.*bcinput = abc Computer & Internet Architecture Lab CSIE, National Cheng Kung University 8 Cases not Conforming with SI-DFA

9 Complete containment in subsequent sub- expressions SI-DFA will generate erroneous result if a sub- expression in a regex is completely contained in its following sub-expression Ex. RE = a.*b.d input = bad Computer & Internet Architecture Lab CSIE, National Cheng Kung University 9 Cases not Conforming with SI-DFA

10 Exact-match removal in.+ Cases ‘dot-plus’ condition, e.g., ab.+cd, will be the one that matches ab.*cd and not match abcd first making a Union automata of L1 and L2 and then converting the accepting state due to L2 as a non accepting state where L1={ab, cd} and L2={abcd}, L3 = L1−L2 Computer & Internet Architecture Lab CSIE, National Cheng Kung University 10

11 PERFORMANCE EVALUATION developed in C++ Testing platform is an AMD Phenom 1055T Processor with 8 GB of RAM and Linux operating system rule-sets extracted from Bro 2.0 [19], Snort [20], and linux [21] rules Computer & Internet Architecture Lab CSIE, National Cheng Kung University 11

12 PERFORMANCE EVALUATION Computer & Internet Architecture Lab CSIE, National Cheng Kung University 12

13 PERFORMANCE EVALUATION Computer & Internet Architecture Lab CSIE, National Cheng Kung University 13

Download ppt "SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher:"

Similar presentations

CSC 361NFA vs. DFA1. CSC 361NFA vs. DFA2 NFAs vs. DFAs NFAs can be constructed from DFAs using transitions: Called NFA- Suppose M 1 accepts L 1, M 2 accepts.

CSC 361NFA vs. DFA1. CSC 361NFA vs. DFA2 NFAs vs. DFAs NFAs can be constructed from DFAs using transitions: Called NFA- Suppose M 1 accepts L 1, M 2 accepts.
Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:
Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.

Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.
Finite Automata CPSC 388 Ellen Walker Hiram College.

Finite Automata CPSC 388 Ellen Walker Hiram College.
A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,

A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,
1 The scanning process Goal: automate the process Idea: –Start with an RE –Build a DFA How? –We can build a non-deterministic finite automaton (Thompson's.

1 The scanning process Goal: automate the process Idea: –Start with an RE –Build a DFA How? –We can build a non-deterministic finite automaton (Thompson's.
Design of High Performance Pattern Matching Engine Through Compact Deterministic Finite Automata Department of Computer Science and Information Engineering.

Design of High Performance Pattern Matching Engine Through Compact Deterministic Finite Automata Department of Computer Science and Information Engineering.
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.
CS5371 Theory of Computation Lecture 4: Automata Theory II (DFA = NFA, Regular Language)

CS5371 Theory of Computation Lecture 4: Automata Theory II (DFA = NFA, Regular Language)
Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,

Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,
Improving Signature Matching using Binary Decision Diagrams Liu Yang, Rezwana Karim, Vinod Ganapathy Rutgers University Randy Smith Sandia National Labs.

Improving Signature Matching using Binary Decision Diagrams Liu Yang, Rezwana Karim, Vinod Ganapathy Rutgers University Randy Smith Sandia National Labs.
High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.

High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.
Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.
Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.

Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.
CS-5800 Theory of Computation II PROJECT PRESENTATION By Quincy Campbell & Sandeep Ravikanti.

CS-5800 Theory of Computation II PROJECT PRESENTATION By Quincy Campbell & Sandeep Ravikanti.
Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:

Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:
A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,

A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,
Lexical Analysis Constructing a Scanner from Regular Expressions.

Lexical Analysis Constructing a Scanner from Regular Expressions.

Similar presentations

Ads by Google