Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture.

Published byKellie Fitzgerald Modified over 8 years ago

Similar presentations

Presentation on theme: "An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture."— Presentation transcript:

1 An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture for networking and communications systems, 2007 Presenter: Ching Hsuan Shih Date: 2014/02/26

2 Outline I. Introduction II. Motivation III. The Proposal IV. Reducing the Alphabet V. Encoding VI. Experimental Evaluation

3 I. Introduction Signature-based deep packet inspection has taken root as a dominant security mechanism in networking devices and computer systems. Regular expressions are more expressive than simple patterns of strings and therefore able to describe a wider variety of payload signatures. There has been a amount of recent work on implementing regular expressions, particularly with representations based on deterministic finite automata (DFA).

4 I. Introduction (Cont.) DFAs have attractive properties that explain the attention they have received. They have predictable and acceptable memory bandwidth requirements. For any given regular expression, a DFA with a minimum number of states can be found [3].

5 I. Introduction (Cont.) DFAs corresponding to large sets of regular expressions containing complex patterns can be prohibitively large in terms of numbers of states and transitions. Yu et al. [15] have proposed segregating rules into multiple groups and evaluating the corresponging DFAs concurrently. Delayed Input DFA (D 2 FA) [9] redundant transitions common to a pair of states with a single default transition.

6 I. Introduction (Cont.) D 2 FA has three weaknesses It requires a user-provided parameter value which can only be determined experimentally for a given rule-set. It creates a data-structure whose worst-case paths may be traversed for each input character processed. It requires multiple passes over large support data structures during the construction phase. We propose an improved simplified algorithm for building default transitions that addresses the problems above.

7 II. Motivation In this section, we describe the D 2 FA approach [9]. The basic goal of the D 2 FA is to reduce the amount of memory needed to represent all the state transitions in a DFA.

8 II. Motivation (Cont.) During the string matching operation, the traversal of D 2 FA will be performed according to the Aho-Corasick algorithm [1], treating default transitions as failure pointers. The heuristic proposed in [9] to build a D 2 FA can be explored systematically as a maximum spanning tree problem on an undirected graph. This maximum spanning tree problem can be solved with Kruskal’s algorithm [5].

9 II. Motivation (Cont.) After the operation of Kruskal’s algorithm, the root of each tree can be selected. The node having the smallest maximum distance from any vertices within the same tree is chosen. Direct all default transitions towards the root of the default transition tree. In order to limit the maximum default path length, a heuristic is proposed to address this problem by determining a maximum spanning tree forest with bounded diameter.

10 II. Motivation (Cont.)

11 III. The Proposal We now take advantage of a simple fact: DFA traversal always starts at a single initial state S 0 We propose a more general compression algorithm which leads to a traversal time bound independent of the maximum default transition path length.

12 III. The Proposal (Cont.) Definition: For each state s, we define its depth as the minimum number of states visited when moving from s 0 to s in the DFA.

13 III. The Proposal (Cont.) Lemma: With any string of length N, a 2N time bound is guaranteed on all D 2 FA having only “backwards” transitions. A string of length N implies N labeled transitions to be followed and the number of default transitions is always at least one less than the number of labeled transitions taken. For a string of length N, the total number of state traversals cannot be higher than 2N-1.

14 III. The Proposal (Cont.) 3.1 Problem Formulation The problem can be now formulated as an instance of maximum spanning tree on a directed graph.

15 III. The Proposal (Cont.) 3.2 An example

16 III. The Proposal (Cont.) 3.3 Algorithm The whole problem is reduced to having each state select the state with lower depth having the most number of outgoing transitions in common with it.

17 III. The Proposal (Cont.)

18 IV. Reducing the Alphabet The basic idea is the following: In an alphabet ∑, two symbols c i and c j will fall into the same class if they are treated the same way in all DFA states. In other words, given the transition function δ(states, Σ)→states, δ(s,c i )= δ(s,c j ) for each state s belonging to the DFA. In practical scenarios (ASCII alphabet) this table will contain 256 entries, with a maximum width of 1 byte (for heavily compressed alphabets 5-6 bits per character may suffice).

19 V. Encoding 5.1 Bitmaps A scheme [18] consists of associating a bitmap as large as the alphabet size to each DFA state. Bits corresponding to uncompressed labeled transitions present in the current state can be set to 1; the remaining bits are set to 0. State identifiers can be simply represented through their base address in memory. The length of the necessary bitmaps can substantially decrease after alphabet reduction.

20 V. Encoding (Cont.) 5.2 Content addressing A technique [16] consists in representing state identifiers with content labels, which are stored in memory as next state transitions. A state content label contains several fields: A state discriminator The list of characters for which a labeled transition is defined An identifier for the default transition state The size of a content label depends on the number of labeled transitions defined for the corresponging state.

21 VI. Experimental Evaluation

22 VI. Experimental Evaluation (Cont.)

23

24

Download ppt "An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture."

Similar presentations

Deep Packet Inspection: Where are We? CCW08 Michela Becchi.

Deep Packet Inspection: Where are We? CCW08 Michela Becchi.
Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008.

Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008.
Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.

Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.
Introduction to Computer Science 2 Lecture 7: Extended binary trees

Introduction to Computer Science 2 Lecture 7: Extended binary trees
An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.

An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.
Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.
1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.

1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.
A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.

A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.
Introduction to Computability Theory

Introduction to Computability Theory
1 Introduction to Computability Theory Lecture3: Regular Expressions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture3: Regular Expressions Prof. Amos Israeli.
Introduction to Computability Theory

Introduction to Computability Theory
March 2006Vineet Bafna Designing Spaced Seeds March 2006Vineet Bafna Project/Exam deadlines May 2 – Send email to me with a title of your project May.

March 2006Vineet Bafna Designing Spaced Seeds March 2006Vineet Bafna Project/Exam deadlines May 2 – Send to me with a title of your project May.
1 Huffman Codes. 2 Introduction Huffman codes are a very effective technique for compressing data; savings of 20% to 90% are typical, depending on the.

1 Huffman Codes. 2 Introduction Huffman codes are a very effective technique for compressing data; savings of 20% to 90% are typical, depending on the.
11 An Improved Algorithm to Accelerate Regular Expression Evaluation Authors: Michela Becchi and Patrick Crowley Publisher: ANCS’07 Present: Kia-Tso Chang.

11 An Improved Algorithm to Accelerate Regular Expression Evaluation Authors: Michela Becchi and Patrick Crowley Publisher: ANCS’07 Present: Kia-Tso Chang.
A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,

A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,
Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.

Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
Aho-Corasick String Matching An Efficient String Matching.

Aho-Corasick String Matching An Efficient String Matching.
1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:

1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:
1 HEXA : Compact Data Structures for Faster Packet Processing Department of Computer Science and Information Engineering National Cheng Kung University,

1 HEXA : Compact Data Structures for Faster Packet Processing Department of Computer Science and Information Engineering National Cheng Kung University,

Similar presentations

Ads by Google