Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Presentation transcript:

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems
Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano Giordano, Gregorio Procissi, Fabio Vitucci
Publisher: IEEE ICC 2010
Presenter: Ching-Hsuan Shih
Date: 2014/07/16
Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.

Outline: Introduction; Related Works; Sampling DFAs; Regex Sampling Rules; Double Stage Scheme; Experimental Results
National Cheng Kung University CSIE Computer & Internet Architecture Lab

Introduction
Signature-based deep packet inspection has taken root as a dominant security mechanism in networking devices and computer systems. Regular expressions are more expressive than simple string patterns and can therefore describe a wider variety of payload signatures. Our approach to speeding up finite automata is to sample the text, so that there are fewer symbols to process. The cost is that sampling causes false positives.

Related Works
Observing only 2 bytes per cycle would require each DFA state to include 2^16 transitions. To solve this problem, the authors of [7] suggest a solution by observing that in actual FAs the number of different transitions is more limited. The authors of [6] try to make a k-DFA feasible by taking advantage of alphabet reduction.

Sampling DFAs: A Motivating Example

Regex Sampling Rules: Regex Rewriting
Sampling a string is straightforward: it consists of extracting characters at the positions defined by  with offset X_0: The offset X_0 is also critical when sampling the concatenation and union of regular expressions; it is immediate to show that: Example:

Double Stage Scheme
A. First stage: Sampled DFA
Some regexes may be so short that sampling them is inconvenient. For instance : it is only 1-character long, thus potentially yielding a large number of false alarms. A solution is to hardcode them.
B. Second stage: Reverse DFA
If a match occurs in the "sampled DFA", we have to process the text again to confirm the match. All the regexes have to be independently reversed and a new DFA has to be built from the reversed rules. Ex. (abcde*)^R = e*dcba
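The double stage scheme above, sketched as an added example that is not taken from the slides or the paper. Assumptions: a literal string stands in for a regex, Python string search stands in for the sampled DFA, a backward character comparison stands in for the reverse DFA, and the names `period`, `sampled_variants`, `confirm_reverse` and `two_stage_match` are hypothetical.

```python
# Constructed sample payload: one real "abcde" and one look-alike "aXcXe".
SAMPLE_TEXT = "..abcde.aXcXe.."


def sampled_variants(pattern, period):
    """Sample the pattern at every offset 0..period-1, because the
    alignment of a match relative to the sampled positions is unknown."""
    variants = {}
    for offset in range(period):
        variant = pattern[offset::period]
        if not variant:
            # Too short to sample at this period: such signatures would
            # have to be handled outside the sampled stage.
            raise ValueError("pattern too short for this sampling period")
        variants[offset] = variant
    return variants


def confirm_reverse(text, start, pattern):
    """Second stage: walk backwards from the candidate end position,
    comparing the full text against the reversed pattern."""
    end = start + len(pattern) - 1
    return all(text[end - i] == ch for i, ch in enumerate(reversed(pattern)))


def two_stage_match(text, pattern, period=2):
    """Return (candidates, confirmed) start positions in the full text."""
    sampled = text[::period]  # first stage sees 1/period of the symbols
    candidates = set()
    for offset, variant in sampled_variants(pattern, period).items():
        j = sampled.find(variant)
        while j != -1:
            # Sampled index j is text index j*period; shift back by offset.
            start = j * period - offset
            if start >= 0 and start + len(pattern) <= len(text):
                candidates.add(start)
            j = sampled.find(variant, j + 1)
    candidates = sorted(candidates)
    confirmed = [s for s in candidates if confirm_reverse(text, s, pattern)]
    return candidates, confirmed


if __name__ == "__main__":
    print(two_stage_match(SAMPLE_TEXT, "abcde"))
```

On the constructed payload the sampled stage raises two alarms and the reverse pass keeps only the real occurrence, which is the false-positive cost the Introduction mentions.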

Experimental Results (1/2)

Experimental Results (2/2)