SHOCK: A Worst-Case Ensured Sub-linear Time Pattern Matching Algorithm for Inline Anti-Virus Scanning Author: Nen-Fu Huang, Wen-Yen Tsai Publisher: IEEE.

Presentation transcript:

SHOCK: A Worst-Case Ensured Sub-linear Time Pattern Matching Algorithm for Inline Anti-Virus Scanning
Author: Nen-Fu Huang, Wen-Yen Tsai
Publisher: IEEE ICC, 2010
Presenter: Kai-Yang, Liu
Date: 2012/1/4

INTRODUCTION
Challenges of an inline multi-pattern matching algorithm:
- It must be fast enough to scan millions of packets in a gigabit environment.
- A small memory footprint is desirable so that the algorithm scales well with the ever-growing set of virus patterns.
- It must perform well under a high volume of virus-infected traffic to avoid becoming the bottleneck.

ClamAV
ClamAV provides an anti-virus engine and a regularly updated virus database. ClamAV virus signatures can be classified into one of four categories: basic, regular expression (regex), MD5, and others.

Basic Patterns
- long minimum length (>= 10 bytes)
- average pattern length >= 25 bytes

The Proposed SHOCK Algorithm
The SHOCK (Shift/Hash with Overlap Check) algorithm consists of an offline preprocessing phase and an online pattern matching phase. The shift table is constructed using the same approach as in the Wu-Manber (WM) algorithm with block size two, and the hash value of the 2-byte prefix of each pattern is calculated.

Example
m = 4, B = 2
totorose
Shift table (block: shift): ot: 0, to: 0, se: 0, oo: 1, os: 1, ro: 2

When a matched pattern is found, there may be another consecutive pattern in the text whose prefix overlaps the suffix of the currently matched one.

Example
totorose
Shift table (block: shift): ot: 0, to: 0, se: 0, oo: 1, os: 1, ro: 2

For a pattern to be stored in the nextPat list of the current pattern, the number of its prefix characters that overlap the suffix of the current pattern must be greater than or equal to P_SP_TH.

Although only a small number of patterns have a long nextPat list when P_SP_TH = 8, they must be handled specially to avoid the worst-case scenario.

A bitmap-offset-indexing structure is used only for those patterns whose nextPat list length is greater than the parameter P_BMAP_TH.

Example
P_SP_TH = 3
back_sh = P_SP_TH - 1 = 2
totorose
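
An added example, not code from the slides or the paper: the offline shift-table step and the nextPat overlap rule described above, with a plain Wu-Manber scan (no overlap check) for context. The pattern set toto/root/rose is an assumption chosen because it reproduces the slide's table (ot 0, to 0, se 0, oo 1, os 1, ro 2); the second pattern set and all function names are constructed.

```python
# Added example (not from the slides): SHOCK-style offline preprocessing.
# Pattern sets and all function names here are assumptions for illustration.
B = 2  # block size of the shift table, as stated on the slides

def build_shift_table(patterns, block=B):
    """Wu-Manber shift table over the first m bytes of every pattern."""
    m = min(len(p) for p in patterns)
    default = m - block + 1            # shift for blocks not in the table
    shift = {}
    for p in patterns:
        for j in range(block, m + 1):  # j is the end offset of the block
            blk = p[j - block:j]
            shift[blk] = min(shift.get(blk, default), m - j)
    return m, default, shift

def wm_scan(text, patterns):
    """Plain Wu-Manber scan (no overlap check); returns (hits, probes)."""
    m, default, shift = build_shift_table(patterns)
    hits, probes, i = [], 0, m
    while i <= len(text):
        probes += 1
        s = shift.get(text[i - B:i], default)
        if s == 0:                     # possible match ending at offset i
            hits += [(i - m, p) for p in patterns if text.startswith(p, i - m)]
            s = 1
        i += s
    return hits, probes

def overlap(cur, cand):
    """Longest k where cur's k-byte suffix equals cand's k-byte prefix."""
    for k in range(min(len(cur) - 1, len(cand)), 0, -1):
        if cur[-k:] == cand[:k]:
            return k
    return 0

def build_next_pat(patterns, sp_th):
    """nextPat[p]: patterns whose prefix overlaps p's suffix by >= sp_th."""
    return {p: [q for q in patterns if overlap(p, q) >= sp_th]
            for p in patterns}

SLIDE_SET = [b"toto", b"root", b"rose"]  # assumed; reproduces the slide table
CONSTRUCTED = [b"abcdefgh", b"efghijkl", b"ghijklmn"]  # constructed sample

if __name__ == "__main__":
    print(build_shift_table(SLIDE_SET))
    print(wm_scan(b"totorose", SLIDE_SET))
    print(build_next_pat(CONSTRUCTED, sp_th=3))
```

On the 8-byte text `totorose` the scan probes only three window positions, which is the sub-linear skipping the shift table buys.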

EXPERIMENTAL RESULTS