Presentation is loading. Please wait.

Presentation is loading. Please wait.

Speculative Parallel Pattern Matching

Published byAnnabelle McGee Modified over 6 years ago

Similar presentations

Presentation on theme: "Speculative Parallel Pattern Matching"— Presentation transcript:

1 Speculative Parallel Pattern Matching
Author: Daniel Luchaup, Randy Smith, Cristian Estan, Somesh Jha Publisher: IEEE Transactions on Information Forensics and Security Presenter: Zi-Yang Ou Date: 2012/04/11

2 Introduction Matching network traffic against a DFA is inherently a serial activity. We break this inherent serialization imposed by the pointer chasing nature of DFA matching using speculation. Our method works by dividing the input into multiple chunks and scanning each of them in parallel using traditional DFA matching. The main idea behind our algorithm is to guess the initial state for all but the first chunk, and then to make sure that this guess does not lead to incorrect results.

3 Background

4 Signature Types Suffix-closed regular expressions
Prefix-closed regular expressions (PREs) Ex: .*VIRUS.* Anchored regular expressions (Non-PRE) Ex: VIRUS General regular expressions (GREs) unrestricted, arbitrary regular expressions

5 Example of Using Speculation
coupling validation region : IRUL

6 Statistical Support for Speculative Matching
The typical maximum TCP packet length is 1500 bytes. We contend that the length of the validation region will be small.

7 Basic SPPM Algorithm

8 SPPM for Single-Threaded Software

9 SPPM for Parallel Hardware

10 SPPM for Parallel Hardware

11 Anchored Regular Expressions

12 General Case: Matching GREs

13 Bounding the Validation Region

14 Experimental Setup

15 Evaluation of Algorithm 3 (Single Threaded, Software Implementation)

16 Evaluation of Algorithm 4 (Basic SPPM for Prefix Closed Regular Expressions) Using Simulation

17 Validation Region

18 Evaluation of Algorithm 6 (SPPM for GREs) Using Simulation

19 Evaluation of Algorithm 7 (SPPM for PRE, With Bounded Validation Region) Using Simulation

Download ppt "Speculative Parallel Pattern Matching"

Similar presentations

Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008.

Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008.
Author : Xinming Chen,Kailin Ge,Zhen Chen and Jun Li Publisher : ANCS, 2011 Presenter : Tsung-Lin Hsieh Date : 2011/12/14 1.

Author : Xinming Chen,Kailin Ge,Zhen Chen and Jun Li Publisher : ANCS, 2011 Presenter : Tsung-Lin Hsieh Date : 2011/12/14 1.
Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.

Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.
Backtracking Algorithmic Complexity Attacks Against a NIDS

Backtracking Algorithmic Complexity Attacks Against a NIDS
Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:
An On-Chip IP Address Lookup Algorithm Author: Xuehong Sun and Yiqiang Q. Zhao Publisher: IEEE TRANSACTIONS ON COMPUTERS, 2005 Presenter: Yu Hao, Tseng.

An On-Chip IP Address Lookup Algorithm Author: Xuehong Sun and Yiqiang Q. Zhao Publisher: IEEE TRANSACTIONS ON COMPUTERS, 2005 Presenter: Yu Hao, Tseng.
Massively Parallel Cuckoo Pattern Matching Applied For NIDS/NIPS  Author: Tran Ngoc Thinh, Surin Kittitornkun  Publisher: Electronic Design, Test and.

Massively Parallel Cuckoo Pattern Matching Applied For NIDS/NIPS  Author: Tran Ngoc Thinh, Surin Kittitornkun  Publisher: Electronic Design, Test and.
Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:

Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Author: Anat Bremler-Barr, Yaron Koral, Shimrit Tzur David, David Hay Publisher:
Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Anat Bremler-Barr Interdisciplinary Center Herzliya Shimrit Tzur David Interdisciplinary.

Decompression-Free Inspection: DPI for Shared Dictionary Compression over HTTP Anat Bremler-Barr Interdisciplinary Center Herzliya Shimrit Tzur David Interdisciplinary.
XFA : Faster Signature Matching With Extended Automata Author: Randy Smith, Cristian Estan and Somesh Jha Publisher: IEEE Symposium on Security and Privacy.

XFA : Faster Signature Matching With Extended Automata Author: Randy Smith, Cristian Estan and Somesh Jha Publisher: IEEE Symposium on Security and Privacy.
Using Cell Processors for Intrusion Detection through Regular Expression Matching with Speculation Author: C˘at˘alin Radu, C˘at˘alin Leordeanu, Valentin.

Using Cell Processors for Intrusion Detection through Regular Expression Matching with Speculation Author: C˘at˘alin Radu, C˘at˘alin Leordeanu, Valentin.
11 An Improved Algorithm to Accelerate Regular Expression Evaluation Authors: Michela Becchi and Patrick Crowley Publisher: ANCS’07 Present: Kia-Tso Chang.

11 An Improved Algorithm to Accelerate Regular Expression Evaluation Authors: Michela Becchi and Patrick Crowley Publisher: ANCS’07 Present: Kia-Tso Chang.
1 Processor Array Architectures for Deep Packet Classification Authors: Fayez Gebali and A.N.M. Ehtesham Rafiq Publisher: IEEE Transactions on Parallel.

1 Processor Array Architectures for Deep Packet Classification Authors: Fayez Gebali and A.N.M. Ehtesham Rafiq Publisher: IEEE Transactions on Parallel.
1 Fast Packet Classification using Group Bit Vector Author: Tong Liu, Huawei Li, Xiaowei Li, Yinhe Han Publisher: IEEE GLOBECOM 2006 Presenter: Hsin-Mao.

1 Fast Packet Classification using Group Bit Vector Author: Tong Liu, Huawei Li, Xiaowei Li, Yinhe Han Publisher: IEEE GLOBECOM 2006 Presenter: Hsin-Mao.
Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:

Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:
Knuth-Morris-Pratt Algorithm left to right scan like the naïve algorithm one main improvement –on a mismatch, calculate maximum possible shift to the right.

Knuth-Morris-Pratt Algorithm left to right scan like the naïve algorithm one main improvement –on a mismatch, calculate maximum possible shift to the right.
Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.

An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.
1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

Similar presentations

Ads by Google