LaFA Lookahead Finite Automata Scalable Regular Expression Detection Authors : Masanori Bando, N. Sertac Artan, H. Jonathan Chao Masanori Bando N. Sertac.

Slides:

Advertisements

Similar presentations

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Advertisements

Scalable Packet Classification Using Hybrid and Dynamic Cuttings Authors : Wenjun Li,Xianfeng Li Publisher : Engineering Lab on Intelligent Perception.

Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.

An Efﬁcient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.

A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems Authors: Seongwook Youn and Dennis McLeod Presenter:

Finite Automata Finite-state machine with no output. FA consists of States, Transitions between states FA is a 5-tuple Example! A string x is recognized.

Design of High Performance Pattern Matching Engine Through Compact Deterministic Finite Automata Department of Computer Science and Information Engineering.

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

1 Regular expression matching with input compression ： a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,

High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.

Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.

An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture.

Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:

SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher:

A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,

A Hybrid IP Lookup Architecture with Fast Updates Author : Layong Luo, Gaogang Xie, Yingke Xie, Laurent Mathy, Kavé Salamatian Conference: IEEE INFOCOM,

EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference.

1 November 1, November 1, 2015November 1, 2015November 1, 2015 Azusa, CA Sheldon X. Liang Ph. D. Computer Science at Azusa Pacific University Azusa.

Pattern-Based DFA for Memory- Efficient and Scalable Multiple Regular Expression Matching Author: Junchen Jiang, Yang Xu, Tian Pan, Yi Tang, Bin Liu Publisher:IEEE.

Scalable Many-field Packet Classification on Multi-core Processors Authors : Yun R. Qu, Shijie Zhou, Viktor K. Prasanna Publisher : International Symposium.

StriD 2 FA: Scalable Regular Expression Matching for Deep Packet Inspection Author: Xiaofei Wang, Junchen Jiang, Yi Tang, Bin Liu, and Xiaojun Wang Publisher:

1 Optimization of Regular Expression Pattern Matching Circuits on FPGA Department of Computer Science and Information Engineering National Cheng Kung University,

Deterministic Finite Automaton for Scalable Traffic Identification: the Power of Compressing by Range Authors: Rafael Antonello, Stenio Fernandes, Djamel.

Regular Expression Matching for Reconfigurable Packet Inspection Authors: Jo˜ao Bispo, Ioannis Sourdis, Jo˜ao M.P. Cardoso and Stamatis Vassiliadis Publisher:

DBS A Bit-level Heuristic Packet Classification Algorithm for High Speed Network Author : Baohua Yang, Xiang Wang, Yibo Xue, Jun Li Publisher : th.

Extending Finite Automata to Efficiently Match Perl-Compatible Regular Expressions Publisher : Conference on emerging Networking EXperiments and Technologies.

Memory-Efficient Regular Expression Search Using State Merging Author: Michela Becchi, Srihari Cadambi Publisher: INFOCOM th IEEE International.

2017/4/26 Rethinking Packet Classification for Global Network View of Software-Defined Networking Author: Takeru Inoue, Toru Mano, Kimihiro Mizutani, Shin-ichi.

Updating Designed for Fast IP Lookup Author : Natasa Maksic, Zoran Chicha and Aleksandra Smiljani´c Conference: IEEE High Performance Switching and Routing.

TFA: A Tunable Finite Automaton for Regular Expression Matching Author: Yang Xu, Junchen Jiang, Rihua Wei, Yang Song and H. Jonathan Chao Publisher: ACM/IEEE.

Binary-tree-based high speed packet classification system on FPGA Author: Jingjiao Li*, Yong Chen*, Cholman HO**, Zhenlin Lu* Publisher: 2013 ICOIN Presenter:

Boundary Cutting for Packet Classification Author: Hyesook Lim, Nara Lee, Geumdan Jin, Jungwon Lee, Youngju Choi, Changhoon Yim Publisher: Networking,

A Fast Regular Expression Matching Engine for NIDS Applying Prediction Scheme Author: Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan and Binxing Fang Publisher:

Range Enhanced Packet Classification Design on FPGA Author: Yeim-Kuan Chang, Chun-sheng Hsueh Publisher: IEEE Transactions on Emerging Topics in Computing.

PC-TRIO: A Power Efficient TACM Architecture for Packet Classifiers Author: Tania Banerjee, Sartaj Sahni, Gunasekaran Seetharaman Publisher: IEEE Computer.

Lossy Compression of Packet Classifiers Author: Ori Rottenstreich, J’anos Tapolcai Publisher: 2015 IEEE International Conference on Communications Presenter:

Packet Classification Using Dynamically Generated Decision Trees

CS 404Ahmed Ezzat 1 CS 404 Introduction to Compiler Design Lecture 1 Ahmed Ezzat.

LOP_RE: Range Encoding for Low Power Packet Classification Author: Xin He, Jorgen Peddersen and Sri Parameswaran Conference : IEEE 34th Conference on Local.

Author : Masanori Bando, N. Sertac Artan and H. Jonathan Chao Publisher : Parallel & Distributed Processing, Workshops and Phd Forum (IPDPSW), 2010 Presenter.

SRD-DFA Achieving Sub-Rule Distinguishing with Extended DFA Structure Author: Gao Xia, Xiaofei Wang, Bin Liu Publisher: IEEE DASC (International Conference.

Series DFA for Memory- Efficient Regular Expression Matching Author: Tingwen Liu, Yong Sun, Li Guo, and Binxing Fang Publisher: CIAA 2012( International.

Hierarchical Hybrid Search Structure for High Performance Packet Classification Authors : O˜guzhan Erdem, Hoang Le, Viktor K. Prasanna Publisher : INFOCOM,

Range Hash for Regular Expression Pre-Filtering Publisher : ANCS’ 10 Author : Masanori Bando, N. Sertac Artan, Rihua Wei, Xiangyi Guo and H. Jonathan Chao.

LightFlow : Speeding Up GPU-based Flow Switching and Facilitating Maintenance of Flow Table Author : Nobutaka Matsumoto and Michiaki Hayashi Conference:

Reorganized and Compact DFA for Efficient Regular Expression Matching

A DFA with Extended Character-Set for Fast Deep Packet Inspection

2018/6/26 An Energy-efficient TCAM-based Packet Classification with Decision-tree Mapping Author: Zhao Ruan, Xianfeng Li , Wenjun Li Publisher: 2013.

Regular Expression Matching in Reconfigurable Hardware

Parallel Processing Priority Trie-based IP Lookup Approach

Memory-Efficient Regular Expression Search Using State Merging

A Small and Fast IP Forwarding Table Using Hashing

A New String Matching Algorithm Based on Logical Indexing

Compact DFA Structure for Multiple Regular Expressions Matching

2019/5/3 A De-compositional Approach to Regular Expression Matching for Network Security Applications Author: Eric Norige Alex Liu Presenter: Yi-Hsien.

2019/5/5 A Flexible Wildcard-Pattern Matching Accelerator via Simultaneous Discrete Finite Automata Author: Hsiang-Jen Tsai, Chien-Chih Chen, Yin-Chi Peng,

2019/5/8 BitCoding Network Traffic Classification Through Encoded Bit Level Signatures Author: Neminath Hubballi, Mayank Swarnkar Publisher/Conference:

Power-efficient range-match-based packet classification on FPGA

Presenter: Yu Hao, Tseng Date: 2014/8/25

OpenSec：Policy-Based Security Using Software-Defined Networking

Design principles for packet parsers

A Hybrid IP Lookup Architecture with Fast Updates

2019/9/3 Adaptive Hashing Based Multiple Variable Length Pattern Search Algorithm for Large Data Sets 比對 Simple Pattern 的方法是基於 Hash 並且可以比對不同長度的 Pattern。

2019/10/9 Regular Expression Matching for Reconfigurable Constraint Repetition Inspection Authors : Miad Faezipour and Mehrdad Nourani Publisher : IEEE.

MEET-IP Memory and Energy Efficient TCAM-based IP Lookup

Presentation transcript:

LaFA Lookahead Finite Automata Scalable Regular Expression Detection Authors : Masanori Bando, N. Sertac Artan, H. Jonathan Chao Masanori Bando N. Sertac Artan H. Jonathan Chao Publisher : ANCS '09 ANCS '09 Presenter : 楊皓中 Date : 2014/06/17 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Introduction We propose Lookahead Finite Automata (LaFA) to perform scalable RegEx detection using very small amount of memory. LaFA's memory requirement is very small due to the following three areas of effort described in this paper: (1) Different parts of a RegEx, namely RegEx components, are detected using different detectors, each of which is specialized and optimized for the detection of a certain RegEx component. (2) We systematically reorder the RegEx component detection sequence, which provides us with new possibilities for memory optimization. (3) Many redundant states in classical finite automata are identified and eliminated in LaFA. National Cheng Kung University CSIE Computer & Internet Architecture Lab 2

A Warm-up example National Cheng Kung University CSIE Computer & Internet Architecture Lab 3

Separation of Simple String Matching A simple string is a fixed sequence of characters such as “abc" and “op" in r1. The resulting FA, as shown in Figure 1 (c), has fewer states than NFA. By generating one detection event per simple string, rather than making many state transitions for each input character as in an NFA or DFA, National Cheng Kung University CSIE Computer & Internet Architecture Lab 4

Reordering The Detection Sequence Consider matching the example input string “abcxop“ We observe that the FAs for r2 and r3 made the unnecessary [a-z] detection just to abandon the search at the end when neither “qr" or “st“ is found in the input. National Cheng Kung University CSIE Computer & Internet Architecture Lab 5

Reordering The Detection Sequence In general,we can classify components in RegExes based on the information revealed about a RegEx. we call components that reveal more information like abc deep components that do not reveal much information like [a-z] shallow components. National Cheng Kung University CSIE Computer & Internet Architecture Lab 6

Reordering The Detection Sequence There are deep components that are more complex to detect than simple strings. For example, a string repetition element \n{x,y} is deep but requires more complex operations than an exact string matching LaFA detects simple and deep components ahead of complex and/or shallow ones. National Cheng Kung University CSIE Computer & Internet Architecture Lab 7

Variable String Detection and Sharing detection of some components (in our example, the [a-z] component) only needs to be done once at any given time. Instead of duplicating those components in multiple RegExes, we can save resources and memory by sharing those rarely used components. National Cheng Kung University CSIE Computer & Internet Architecture Lab 8

Summary 1. RegExes are first represented in NFA format. 2. the states of simple strings are identified and merged into super states. 3. The components are reordered according to their depth and complexity. 4. Finally, the states of components that can potentially be shared among RegExes are merged. National Cheng Kung University CSIE Computer & Internet Architecture Lab 9

LAFA DATA STRUCTURE AND ARCHITECTURE Each detection event consists of a unique ID for the detected component, and its location in the input packet. string event in-line event National Cheng Kung University CSIE Computer & Internet Architecture Lab 10

the LaFA Data Structure the LaFA data structure is constructed in three steps: (1) RegEx partitioning partition each RegEx into simple strings(S) and variable strings(V). (2) Component reordering (3) Node structure construction. National Cheng Kung University CSIE Computer & Internet Architecture Lab 11

the LaFA Data Structure Node structure construction. A simple string each node has the following: 1. A pointer to the next state 2. the status of the current state 3,4. minimum and maximum time values. The variable strings 1. module ID (define which special module is used to detect) 2. pattern ID (for example [a-z] and [0-9] are assigned different IDs) 3,4. minimum and maximum repetition value for those components that have repetition notations 5,6 minimum and maximum timing values. National Cheng Kung University CSIE Computer & Internet Architecture Lab 12

Correlation Block National Cheng Kung University CSIE Computer & Internet Architecture Lab 13

Correlation Block It is important to note that LaFA avoids this drawback by duplicating the detection block and correlation block, and performing the detection operation in parallel. We call this block, consisting of one set of detection and correlation blocks, a track. For instance, we deploy two tracks in the example case, so detection operations of r1 and r4 are performed in separate tracks. As a result, LaFA can keep one operation (in parallel) per detection events. National Cheng Kung University CSIE Computer & Internet Architecture Lab 14

Detection Block buffered lookup modules Timestamps Lookup Module (TLM)  VA,VB,VC Character Lookup Module (CLM)  VH in-line lookup modules. Repetition Detection Module (RDM)  VD,VE,VF,VG National Cheng Kung University CSIE Computer & Internet Architecture Lab 15

Timestamps Lookup Module (TLM) National Cheng Kung University CSIE Computer & Internet Architecture Lab 16

Character Lookup Module (CLM) National Cheng Kung University CSIE Computer & Internet Architecture Lab 17

Repetition Detection Module (RDM) RDM detects components in the form base { x,y } by accepting consecutive repetitions of the base, x to y times in the input Let a RegEx r detection be in progress that expects a repetition next. This expected repetition is programmed into an available RDM sub-module, PatternID, with the minimum and maximum repetition values. The sub-module inspects the input packet for the expected base and counts consecutive repetitions of this base. When the input satisfies a repetition programmed on a RDM sub-module, RDM generates an in-line event, which causes the activation of the next node. National Cheng Kung University CSIE Computer & Internet Architecture Lab 18

Repetition Detection Module (RDM) For fixed-range repetition (e.g., [a-z]{5,10}), after the minimum consecutive detections (e.g., 5), the next simple-string node is activated. However, when the consecutive count reaches the maximum count (e.g., 10), the next simple-string node is deactivated and the RDM resources are released for use by other RegEx components. National Cheng Kung University CSIE Computer & Internet Architecture Lab 19

PERFORMANCE National Cheng Kung University CSIE Computer & Internet Architecture Lab 20

PERFORMANCE National Cheng Kung University CSIE Computer & Internet Architecture Lab 21

PERFORMANCE National Cheng Kung University CSIE Computer & Internet Architecture Lab 22