Space-Time Tradeoffs in Software-based Deep Packet Inspection. Authors: Anat Bremler-Barr, Yotam Harchol, and David Hay. Published in Proc. IEEE HPSR 2011.

Presentation transcript:

2 Goal
Software-based DPI; AC based (exact matching); reduced memory size; fit in CPU cache; worst-case throughput.

3 Aho-Corasick
Forward transitions (to deeper states) and failure transitions.
Given a state s:
Depth(s): Depth(S4) = 2, Depth(S13) = 3.
Label(s): Label(S4) = BD, Label(S13) = BCA, Label(S12) = CDBCAB.
Failure transitions to S0 are omitted.

4 State Structure (1/3) Lookup Table Format
Lookup table format is used when the number of forward transitions is more than 64.

        A    B    C    D    E
S2      S0   S2   S5   S4   S3
S4      S0   S2   S7   S0   S1
S5      S0   S2   S7   S6   S1
S13     S14  S2   S7   S0   S1
…

5 State Structure (2/3) Linear Format

        A    B    C    D    E
S2      S0   S2   S5   S4   S3
S5      S0   S2   S7   S6   S1

Linear entries:
S4 (S0)
S5 (S7): D S6
S2 (S0): C S5, D S4, E S3

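6 State Structure (3/3) Bitmap Format

        A    B    C    D    E
S2      S0   S2   S5   S4   S3
S5      S0   S2   S7   S6   S1

Entries shown:
S5 (S7): D S6
S2 (S0): C S5, D S4, E S3
[Figure: bitmap encodings of these states, with pointer fields S5, S4, S3, S0 and S7.]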
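The three state formats of slides 4 to 6, applied to the S2 and S5 rows above, as an added example that is not code from the slides or from the paper's authors. The dictionary layout, the function names and the bit order of the bitmap (bit i stands for the i-th alphabet symbol) are assumptions made for illustration.

```python
ALPHABET = "ABCDE"  # the five-symbol alphabet used in the slides' table

# Rows of S2 and S5 as read from the slides' lookup table (one pointer per symbol).
LOOKUP = {"S2": ["S0", "S2", "S5", "S4", "S3"],
          "S5": ["S0", "S2", "S7", "S6", "S1"]}
# Forward transitions and parenthesised state of the same two states (linear slide).
COMPACT = {"S2": ({"C": "S5", "D": "S4", "E": "S3"}, "S0"),
           "S5": ({"D": "S6"}, "S7")}

def encode_linear(forward, failure):
    """Failure pointer plus (symbol, pointer) pairs that are scanned in order."""
    return {"fail": failure, "pairs": sorted(forward.items())}

def encode_bitmap(forward, failure):
    """One bit per alphabet symbol, and pointers stored only for the set bits."""
    bits = sum(1 << i for i, sym in enumerate(ALPHABET) if sym in forward)
    ptrs = [forward[sym] for sym in ALPHABET if sym in forward]
    return {"fail": failure, "bitmap": bits, "ptrs": ptrs}

def next_lookup(row, sym):
    return row[ALPHABET.index(sym)]        # one indexed read, no failure step

def next_linear(state, sym):
    for s, target in state["pairs"]:       # time grows with the number of pairs
        if s == sym:
            return target, False
    return state["fail"], True             # True: re-read sym at the failure state

def next_bitmap(state, sym):
    i = ALPHABET.index(sym)
    if not (state["bitmap"] >> i) & 1:
        return state["fail"], True
    # Index into ptrs = number of set bits below bit i (a population count).
    rank = bin(state["bitmap"] & ((1 << i) - 1)).count("1")
    return state["ptrs"][rank], False

def formats_agree():
    """True if all three encodings give the same target on every forward symbol."""
    for name, (forward, failure) in COMPACT.items():
        lin = encode_linear(forward, failure)
        bmp = encode_bitmap(forward, failure)
        for sym in forward:
            want = (next_lookup(LOOKUP[name], sym), False)
            if next_linear(lin, sym) != want or next_bitmap(bmp, sym) != want:
                return False
    return True

if __name__ == "__main__":
    print(formats_agree())
```

On a symbol with no forward transition the two compact formats return the failure state and a retry flag, while the lookup-table row already holds the resolved next state.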

7 Path-Compression (1/3)
One-way branch states are compressed.
Problem: incoming failure transitions; outgoing failure transitions.
Solution: no incoming failure transition is allowed; multiple outgoing transition fields.

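8 Path-Compression (2/3)
[Figure]
Before: states Sa, Sb, Sc, Sd linked by symbols A, B, C; entries (A, Sb), (*, Sx), (B, Sc), (*, Sy), (C, Sd), (*, Sz).
After: states Sa, Sd linked by the path ABC; entries (A, Sx), (3, Sd), (B, Sy), (C, Sz).
Other states shown: Sx, Sy, Sz.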

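9 Path-Compression (3/3)
Tuck (INFOCOM 2004).
[Figure]
Before: states Sa, Sb, Sc, Sd linked by symbols A, B, C; entries (A, Sb), (*, Sx), (B, Sc), (*, Sy), (C, Sd), (*, Sz). States Si, Sj, Sk linked by symbols T, A; entries (T, Sj), (*, Sp), (A, Sk), (*, Sq), (*, Sb).
After: states Sa, Sd linked by the path ABC; entries (A, Sx), (3, Sd), (B, Sy), (C, Sz). States Si, Sk linked by the path TA; entries (T, Sp), (2, Sk), (A, Sq); marked "???".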

10 Aho-Corasick Path Compression: Before and After
Text: CDBCAB
Text: CDBCAA

11 Leaves-Compression
Trie leaves consist only of failure transitions.
One bit is added to each forward transition to indicate an accept state.
The process can be applied recursively.
[Figure]
Original: states Sa, Sb (via A), Sc (via B); entries (A, Sb), (B, Sc), (*, Sx).
1st process: states Sa, Sb (via A); entries (A, Sb, 0), (B, Sx, 1).
2nd process: state Sa; entry (AB, Sx, 1).

12 Use both techniques
Add one bit for every symbol of the compressed path.
Set the bit of the i-th symbol when:
(1) a transition with the first i symbols of the path is to an accepting state;
(2) the failure transition of the pre-compressed state, reached after the first i symbols of the path, is to a leaf.
[Figure: states Sa, Sb, Sc, Sd, S0, Sp, Sq with edge labels "AB, 0", "C, 1", "D, 1", B and E.]

13 Leaves Compression: Before and After

14 Pointer Compression
There are many transitions that go to states whose depth is small.
31% of the failure transitions go to depth 1 states.
An additional 35% of the failure transitions go to depth 2 states.

15 Variable-Size Pointers
Two lengths: 2 and 2+log2|S|.
00: Go to state S0.
01: Go to depth 1 states (S0 occurs current symbols).
10: Go to depth 2 states (S0 occurs last symbols + current symbols). (There are fewer valid pairs, so hashing is used.)
11: Go to next states as a regular pointer.
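The depth statistic of slide 14 and the two pointer lengths of slide 15, worked through on a small automaton, as an added example that is not from the slides or the paper's authors. The pattern set is constructed so that the trie contains the labels quoted on slide 3 (BD, BCA, CDBCAB); state numbers follow insertion order rather than the slides' numbering. Only failure pointers are counted, and the hash table needed for depth-2 targets is not costed.

```python
import math
from collections import deque

# Constructed pattern set (an assumption, not taken from the slides): its trie
# contains the labels BD, BCA and CDBCAB that slide 3 quotes.
PATTERNS = ["E", "BE", "BD", "BCD", "BCAA", "CDBCAB"]

def build_ac(patterns):
    """Return (goto, fail, depth) lists for the Aho-Corasick trie; state 0 is S0."""
    goto, fail, depth = [{}], [0], [0]
    for p in patterns:
        s = 0
        for ch in p:
            if ch not in goto[s]:
                goto[s][ch] = len(goto)
                goto.append({})
                fail.append(0)
                depth.append(depth[s] + 1)
            s = goto[s][ch]
    queue = deque(goto[0].values())          # depth-1 states fail to the root
    while queue:
        s = queue.popleft()
        for ch, t in goto[s].items():
            f = fail[s]
            while f and ch not in goto[f]:   # follow failure links until ch fits
                f = fail[f]
            fail[t] = goto[f].get(ch, 0)
            queue.append(t)
    return goto, fail, depth

def failure_depth_histogram(fail, depth):
    """Count failure transitions by the depth of their target state."""
    hist = {}
    for s in range(1, len(fail)):            # the root has no failure transition
        d = depth[fail[s]]
        hist[d] = hist.get(d, 0) + 1
    return hist

def pointer_bits(fail, depth):
    """Total failure-pointer bits: fixed-size pointers vs. the 2-bit-code scheme."""
    full = math.ceil(math.log2(len(fail)))   # log2|S| bits for a regular pointer
    fixed = (len(fail) - 1) * full
    # Codes 00, 01, 10 (target depth 0, 1, 2) need 2 bits; code 11 adds a pointer.
    variable = sum(2 if depth[fail[s]] <= 2 else 2 + full
                   for s in range(1, len(fail)))
    return fixed, variable

if __name__ == "__main__":
    _, fail, depth = build_ac(PATTERNS)
    print(failure_depth_histogram(fail, depth), pointer_bits(fail, depth))
```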

16 Huffman Coding
Huffman coding allocates short codes to frequent symbols and long codes to infrequent ones.
A lookup table is used to provide symbol-to-Huffman-code conversion.
The idea is not used.

17 Evaluation Environment
Two environments:
Core 2 Duo 2.53 GHz (2 cores), 32 KB L1, 3 MB L2.
Core i GHz (4 cores), 32 KB L1, 256 KB L2, 8 MB L3.

18 Evaluation Traffic
Pattern: Snort, ClamAV (Partial).
Traffic: DARPA (Real Life), Exhaustive Traversal, Failure path Traversal, Worst Case.

19 Space Requirement

20 Throughput

21 Memory Access

22 L1 Cache Miss Ratio

23 Miss ratio of Larger L2 Cache