Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Slides:



Advertisements
Similar presentations
Scalable Packet Classification Using Hybrid and Dynamic Cuttings Authors : Wenjun Li,Xianfeng Li Publisher : Engineering Lab on Intelligent Perception.
Advertisements

Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.
An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.
A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,
Compact State Machines for High Performance Pattern Matching Department of Computer Science and Information Engineering National Cheng Kung University,
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.
Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,
OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.
High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.
HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.
Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.
Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.
Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:
SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher:
A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,
EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference.
Pattern-Based DFA for Memory- Efficient and Scalable Multiple Regular Expression Matching Author: Junchen Jiang, Yang Xu, Tian Pan, Yi Tang, Bin Liu Publisher:IEEE.
StriD 2 FA: Scalable Regular Expression Matching for Deep Packet Inspection Author: Xiaofei Wang, Junchen Jiang, Yi Tang, Bin Liu, and Xiaojun Wang Publisher:
Deterministic Finite Automaton for Scalable Traffic Identification: the Power of Compressing by Range Authors: Rafael Antonello, Stenio Fernandes, Djamel.
Regular Expression Matching for Reconfigurable Packet Inspection Authors: Jo˜ao Bispo, Ioannis Sourdis, Jo˜ao M.P. Cardoso and Stamatis Vassiliadis Publisher:
DBS A Bit-level Heuristic Packet Classification Algorithm for High Speed Network Author : Baohua Yang, Xiang Wang, Yibo Xue, Jun Li Publisher : th.
Memory-Efficient Regular Expression Search Using State Merging Author: Michela Becchi, Srihari Cadambi Publisher: INFOCOM th IEEE International.
Early Detection of DDoS Attacks against SDN Controllers
Updating Designed for Fast IP Lookup Author : Natasa Maksic, Zoran Chicha and Aleksandra Smiljani´c Conference: IEEE High Performance Switching and Routing.
TFA: A Tunable Finite Automaton for Regular Expression Matching Author: Yang Xu, Junchen Jiang, Rihua Wei, Yang Song and H. Jonathan Chao Publisher: ACM/IEEE.
Binary-tree-based high speed packet classification system on FPGA Author: Jingjiao Li*, Yong Chen*, Cholman HO**, Zhenlin Lu* Publisher: 2013 ICOIN Presenter:
Boundary Cutting for Packet Classification Author: Hyesook Lim, Nara Lee, Geumdan Jin, Jungwon Lee, Youngju Choi, Changhoon Yim Publisher: Networking,
A Fast Regular Expression Matching Engine for NIDS Applying Prediction Scheme Author: Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan and Binxing Fang Publisher:
Lightweight Traffic-Aware Packet Classification for Continuous Operation Author: Shariful Hasan Shaikot, Min Sik Kim Presenter: Yen-Chun Tseng Date: 2014/11/26.
Range Enhanced Packet Classification Design on FPGA Author: Yeim-Kuan Chang, Chun-sheng Hsueh Publisher: IEEE Transactions on Emerging Topics in Computing.
PC-TRIO: A Power Efficient TACM Architecture for Packet Classifiers Author: Tania Banerjee, Sartaj Sahni, Gunasekaran Seetharaman Publisher: IEEE Computer.
Lossy Compression of Packet Classifiers Author: Ori Rottenstreich, J’anos Tapolcai Publisher: 2015 IEEE International Conference on Communications Presenter:
LaFA Lookahead Finite Automata Scalable Regular Expression Detection Authors : Masanori Bando, N. Sertac Artan, H. Jonathan Chao Masanori Bando N. Sertac.
Packet Classification Using Dynamically Generated Decision Trees
GFlow: Towards GPU-based High- Performance Table Matching in OpenFlow Switches Author : Kun Qiu, Zhe Chen, Yang Chen, Jin Zhao, Xin Wang Publisher : Information.
LOP_RE: Range Encoding for Low Power Packet Classification Author: Xin He, Jorgen Peddersen and Sri Parameswaran Conference : IEEE 34th Conference on Local.
SRD-DFA Achieving Sub-Rule Distinguishing with Extended DFA Structure Author: Gao Xia, Xiaofei Wang, Bin Liu Publisher: IEEE DASC (International Conference.
Series DFA for Memory- Efficient Regular Expression Matching Author: Tingwen Liu, Yong Sun, Li Guo, and Binxing Fang Publisher: CIAA 2012( International.
Practical Multituple Packet Classification Using Dynamic Discrete Bit Selection Author: Baohua Yang, Fong J., Weirong Jiang, Yibo Xue, Jun Li Publisher:
Hierarchical Hybrid Search Structure for High Performance Packet Classification Authors : O˜guzhan Erdem, Hoang Le, Viktor K. Prasanna Publisher : INFOCOM,
LightFlow : Speeding Up GPU-based Flow Switching and Facilitating Maintenance of Flow Table Author : Nobutaka Matsumoto and Michiaki Hayashi Conference:
Scalable Multi-match Packet Classification Using TCAM and SRAM Author: Yu-Chieh Cheng, Pi-Chung Wang Publisher: IEEE Transactions on Computers (2015) Presenter:
JA-trie: Entropy-Based Packet Classification Author: Gianni Antichi, Christian Callegari, Andrew W. Moore, Stefano Giordano, Enrico Anastasi Conference.
A Multi-dimensional Packet Classification Algorithm Based on Hierarchical All-match B+ Tree Author: Gang Wang, Yaping Lin*, Jinguo Li, Xin Yao Publisher:
Reorganized and Compact DFA for Efficient Regular Expression Matching
2018/4/27 PiDFA : A Practical Multi-stride Regular Expression Matching Engine Based On FPGA Author: Jiajia Yang, Lei Jiang, Qiu Tang, Qiong Dai, Jianlong.
A DFA with Extended Character-Set for Fast Deep Packet Inspection
2018/6/26 An Energy-efficient TCAM-based Packet Classification with Decision-tree Mapping Author: Zhao Ruan, Xianfeng Li , Wenjun Li Publisher: 2013.
Statistical Optimal Hash-based Longest Prefix Match
Parallel Processing Priority Trie-based IP Lookup Approach
2018/12/29 A Novel Approach for Prefix Minimization using Ternary trie (PMTT) for Packet Classification Author: Sanchita Saha Ray, Abhishek Chatterjee,
Binary Prefix Search Author: Yeim-Kuan Chang
2019/1/3 Exscind: Fast Pattern Matching for Intrusion Detection Using Exclusion and Inclusion Filters Next Generation Web Services Practices (NWeSP) 2011.
Memory-Efficient Regular Expression Search Using State Merging
Scalable Multi-Match Packet Classification Using TCAM and SRAM
A New String Matching Algorithm Based on Logical Indexing
Compact DFA Structure for Multiple Regular Expressions Matching
2019/5/3 A De-compositional Approach to Regular Expression Matching for Network Security Applications Author: Eric Norige Alex Liu Presenter: Yi-Hsien.
2019/5/8 BitCoding Network Traffic Classification Through Encoded Bit Level Signatures Author: Neminath Hubballi, Mayank Swarnkar Publisher/Conference:
Presenter: Yu Hao, Tseng Date: 2014/8/25
Large-scale Packet Classification on FPGA
OpenSec:Policy-Based Security Using Software-Defined Networking
A Hybrid IP Lookup Architecture with Fast Updates
Pattern Based Packet Filtering using NetFPGA in DETER Infrastructure
2019/9/3 Adaptive Hashing Based Multiple Variable Length Pattern Search Algorithm for Large Data Sets 比對 Simple Pattern 的方法是基於 Hash 並且可以比對不同長度的 Pattern。
2019/10/9 Regular Expression Matching for Reconfigurable Constraint Repetition Inspection Authors : Miad Faezipour and Mehrdad Nourani Publisher : IEEE.
2019/11/12 Efficient Measurement on Programmable Switches Using Probabilistic Recirculation Presenter:Hung-Yen Wang Authors:Ran Ben Basat, Xiaoqi Chen,
Presentation transcript:

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher: IEEE INFOCOM 2014 Presenter: Yen-Chun Tseng Date: 2014/09/24 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Introduction Use DFA-tree to improve the speed of matching in NFA and the state- space explosion problem in DFA. Use the concept of Compact Overapproximate DFA (CODFA) as the building block for the DFA-tree construction. National Cheng Kung University CSIE Computer & Internet Architecture Lab 2

DFA-tree National Cheng Kung University CSIE Computer & Internet Architecture Lab 3

DFA combination National Cheng Kung University CSIE Computer & Internet Architecture Lab 4

CODFA( Compact Overapproximate DFA ) only keeps the most frequent or “hot” states of DFA and the transitions between them, and collapses the remaining states into a single state. call this “shrink” National Cheng Kung University CSIE Computer & Internet Architecture Lab 5

CODFA National Cheng Kung University CSIE Computer & Internet Architecture Lab 6

DFA-tree National Cheng Kung University CSIE Computer & Internet Architecture Lab 7

Encounter problem If input strings are dirty. Approximation errors. How to choose the “hot” state. National Cheng Kung University CSIE Computer & Internet Architecture Lab 8

If input strings are dirty Such attacks or poor performance are easy to detect and, if persistent, the ISP can temporary switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 9

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 10 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 11 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 12 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 13 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 14 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 15 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 16 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 17 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 18 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 19 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 20 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 21 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6 It need to check 12 states in the worst case

switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 22 D1 D2 D3 D4D5D8D7 D6 This is 1.5X (50%) faster than if DFA-trees was used Only needs 8 states

Approximation Errors National Cheng Kung University CSIE Computer & Internet Architecture Lab 23 D3 D1D2 VIRUSVIRAL VIR* Input : VIRUL

Approximation Errors National Cheng Kung University CSIE Computer & Internet Architecture Lab 24 D3 D1D2 VIRUSVIRAL VIR* Input : VIRUL

Approximation Errors National Cheng Kung University CSIE Computer & Internet Architecture Lab 25 D3 D1D2 VIRUSVIRAL VIR* Input : VIRUL

Approximation Errors National Cheng Kung University CSIE Computer & Internet Architecture Lab 26 D3 D1D2 VIRUSVIRAL VIR* Input : VIRUL

Approximation Errors Select more hot states. National Cheng Kung University CSIE Computer & Internet Architecture Lab 27

choose the “hot” state a solution may exist, but we may fail to find it. However, we have not encountered this in practice. National Cheng Kung University CSIE Computer & Internet Architecture Lab 28

choose the “hot” state If Q is ordered as {q 0, q 1,..., q |Q| −1}, we restrict our search for H to the |Q| sets of valid candidates of the form H k ={q 0, q 1,..., q k } {q 0 }=H 0 ⊂ H 1 ⊂...H k... ⊂ H |Q| −1=Q. We aim F+I (D Hk,D) ≤ ɛ. National Cheng Kung University CSIE Computer & Internet Architecture Lab 29

Experimental Evaluation The average space overhead was 15%. Worst-case attacks can only achieve a 26% slow- down on average. Shrinking is effective: an approximation error rate of 0.2% the average compression is 97%. National Cheng Kung University CSIE Computer & Internet Architecture Lab 30

Experimental Evaluation National Cheng Kung University CSIE Computer & Internet Architecture Lab 31

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.