Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008.


1 Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008

2 Algorithms matter
- Even non-software solutions using FPGAs and ASICs run algorithms
- Ideal solution – not clear if/when we can get there
  - Memory increases linearly with # of sigs (unlike DFAs)
    - Complex sigs can contribute more than simple ones
  - Processing constant as # of sigs increases (unlike NFAs)
    - No slowdown (except that larger memories may be slower)
    - No increase in power usage (except for the bigger memories)
  - Processing n bytes at a time costs the following:
    - Up to n-fold increase in memory bandwidth and processing
    - No increase in memory size (exponential for naïve algorithm)
    - No increase in latency (should be same as for 1 byte)

3 Some general algorithmic ideas for regex matching in DPI
1. Exploiting hardware parallelism
2. Slow path/fast path solutions
3. Compressing transition tables
4. Using auxiliary variables with DFAs

4 1. Can hardware parallelism lead to ideal solution?
- Match input against multiple sigs independently
- NFA-based solutions for matching a single sig with breadth-first traversal of states can also exploit parallelism
- Advantages
  - Area increases linearly with # of sigs
  - No slowdown as # of sigs increases
- Challenges when # of sigs gets large
  - Power consumption goes up
  - On-chip communication becomes more costly

5 2. Can slow path/fast path lead to ideal solution?
- A simpler version of sigs (e.g. string matching) is processed in the fast path and, if needed, a more complex version in the slow path
- Advantages
  - Can use algorithms that scale well in memory and processing in the fast path
  - Can use different technology & algorithm for slow path
- Challenges
  - Algorithmic complexity attacks may trigger the slow path so often that the system cannot keep up
  - Measuring performance on traces not enough, must quantify worst-case performance an adversary can trigger

6 3. Can transition table compression lead to ideal solution?
- Exploit the fact that transition tables for different states are similar (D²FAs) or that many characters are treated similarly (alphabet compression tables)
- Advantages
  - Easy to achieve savings up to a point
  - Works even better for multi-byte matching
- Challenges
  - Slowdown in matching too big if compression too complex
  - Memory still increases when doing multi-byte matching
  - Does not help to reduce number of states

7 4. Can DFAs + auxiliary variables lead to ideal solution?
- Associate with some DFA states programs manipulating auxiliary variables
- DFAs become simpler, no state space explosion
- Advantages
  - Memory (# of states) increases linearly with # sigs
  - Processing increases only slightly with # of sigs
- Disadvantages
  - Average program length increases (slowly) with # of sigs
  - Algorithmic complexity attacks can cause (small) slowdown
  - Does not solve multi-byte matching
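
The idea on slide 7, as an added example that is not from the presentation: for constructed signatures of the form `.*x.*y` (assumed here to use single, distinct bytes for x and y), the combined DFA must remember every subset of x bytes seen so far, while one automaton state plus one auxiliary bit per signature reports the same matches. All function names are hypothetical.

```python
from collections import deque

# Constructed signatures of the form .*x.*y, one (x, y) byte pair each.
SIGS = [(b"a", b"b"), (b"c", b"d"), (b"e", b"f"), (b"g", b"h")]

def step(state, byte, sigs):
    """Advance the combined DFA; state is a tuple of 0/1 flags ("x_i seen")."""
    nxt, hits = [], []
    for i, (x, y) in enumerate(sigs):
        if state[i] and byte == y[0]:
            hits.append(i)                       # y_i after x_i: signature i matches
        nxt.append(1 if state[i] or byte == x[0] else 0)
    return tuple(nxt), hits

def product_dfa_states(sigs):
    """Count reachable states of the combined DFA by breadth-first search."""
    alphabet = {b for pair in sigs for part in pair for b in part} | {0}  # 0 = any other byte
    start = (0,) * len(sigs)
    seen, queue = {start}, deque([start])
    while queue:
        s = queue.popleft()
        for byte in alphabet:
            n, _ = step(s, byte, sigs)
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return len(seen)

def dfa_match(sigs, data):
    """Match with the combined DFA; returns (offset, signature index) pairs."""
    state, out = (0,) * len(sigs), []
    for pos, byte in enumerate(data):
        state, hits = step(state, byte, sigs)
        out += [(pos, i) for i in hits]
    return out

def aux_match(sigs, data):
    """One automaton state plus a bitmask; per-byte programs set or test a bit."""
    set_bit = {x[0]: 1 << i for i, (x, _) in enumerate(sigs)}
    test_bit = {y[0]: (i, 1 << i) for i, (_, y) in enumerate(sigs)}
    bits, out = 0, []
    for pos, byte in enumerate(data):
        if byte in test_bit and bits & test_bit[byte][1]:
            out.append((pos, test_bit[byte][0]))
        bits |= set_bit.get(byte, 0)             # the "program" attached to seeing x_i
    return out
```

The DFA state count doubles with each added signature, while the auxiliary-variable matcher only gains one bit and two table entries per signature.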

