Presentation is loading. Please wait.

Presentation is loading. Please wait.

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Published byJordyn Leyland Modified over 10 years ago

Similar presentations

Presentation on theme: "Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:"— Presentation transcript:

1 Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher: IEEE INFOCOM 2014 Presenter: Yen-Chun Tseng Date: 2014/09/24 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

2 Introduction Use DFA-tree to improve the speed of matching in NFA and the state- space explosion problem in DFA. Use the concept of Compact Overapproximate DFA (CODFA) as the building block for the DFA-tree construction. National Cheng Kung University CSIE Computer & Internet Architecture Lab 2

3 DFA-tree National Cheng Kung University CSIE Computer & Internet Architecture Lab 3

4 DFA combination National Cheng Kung University CSIE Computer & Internet Architecture Lab 4

5 CODFA( Compact Overapproximate DFA ) only keeps the most frequent or “hot” states of DFA and the transitions between them, and collapses the remaining states into a single state. call this “shrink” National Cheng Kung University CSIE Computer & Internet Architecture Lab 5

6 CODFA National Cheng Kung University CSIE Computer & Internet Architecture Lab 6

7 DFA-tree National Cheng Kung University CSIE Computer & Internet Architecture Lab 7

8 Encounter problem If input strings are dirty. Approximation errors. How to choose the “hot” state. National Cheng Kung University CSIE Computer & Internet Architecture Lab 8

9 If input strings are dirty Such attacks or poor performance are easy to detect and, if persistent, the ISP can temporary switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 9

10 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 10 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

11 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 11 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

12 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 12 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

13 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 13 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

14 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 14 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

15 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 15 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

16 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 16 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

17 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 17 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

18 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 18 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

19 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 19 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

20 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 20 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6

21 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 21 D12 D9 D10 D11 D1 D2 D3 D4D5D8D7 D6 It need to check 12 states in the worst case

22 switch to DFA-set matching National Cheng Kung University CSIE Computer & Internet Architecture Lab 22 D1 D2 D3 D4D5D8D7 D6 This is 1.5X (50%) faster than if DFA-trees was used Only needs 8 states

23 Approximation Errors National Cheng Kung University CSIE Computer & Internet Architecture Lab 23 D3 D1D2 VIRUSVIRAL VIR* Input : VIRUL

24 Approximation Errors National Cheng Kung University CSIE Computer & Internet Architecture Lab 24 D3 D1D2 VIRUSVIRAL VIR* Input : VIRUL

25 Approximation Errors National Cheng Kung University CSIE Computer & Internet Architecture Lab 25 D3 D1D2 VIRUSVIRAL VIR* Input : VIRUL

26 Approximation Errors National Cheng Kung University CSIE Computer & Internet Architecture Lab 26 D3 D1D2 VIRUSVIRAL VIR* Input : VIRUL

27 Approximation Errors Select more hot states. National Cheng Kung University CSIE Computer & Internet Architecture Lab 27

28 choose the “hot” state a solution may exist, but we may fail to find it. However, we have not encountered this in practice. National Cheng Kung University CSIE Computer & Internet Architecture Lab 28

29 choose the “hot” state If Q is ordered as {q 0, q 1,..., q |Q| −1}, we restrict our search for H to the |Q| sets of valid candidates of the form H k ={q 0, q 1,..., q k } {q 0 }=H 0 ⊂ H 1 ⊂...H k... ⊂ H |Q| −1=Q. We aim F+I (D Hk,D) ≤ ɛ. National Cheng Kung University CSIE Computer & Internet Architecture Lab 29

30 Experimental Evaluation The average space overhead was 15%. Worst-case attacks can only achieve a 26% slow- down on average. Shrinking is effective: an approximation error rate of 0.2% the average compression is 97%. National Cheng Kung University CSIE Computer & Internet Architecture Lab 30

31 Experimental Evaluation National Cheng Kung University CSIE Computer & Internet Architecture Lab 31

Download ppt "Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:"

Similar presentations

Scalable Packet Classification Using Hybrid and Dynamic Cuttings Authors : Wenjun Li,Xianfeng Li Publisher : Engineering Lab on Intelligent Perception.

Scalable Packet Classification Using Hybrid and Dynamic Cuttings Authors : Wenjun Li,Xianfeng Li Publisher : Engineering Lab on Intelligent Perception.
Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.

Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.
An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.

An Efficient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.
A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,

A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,
Compact State Machines for High Performance Pattern Matching Department of Computer Science and Information Engineering National Cheng Kung University,

Compact State Machines for High Performance Pattern Matching Department of Computer Science and Information Engineering National Cheng Kung University,
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.
Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,

Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,
OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.

OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.
High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.

High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.
HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.
Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International.

Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.
Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.

Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.
Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:

Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:
SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher:

SI-DFA: Sub-expression Integrated Deterministic Finite Automata for Deep Packet Inspection Authors: Ayesha Khalid, Rajat Sen†, Anupam Chattopadhyay Publisher:
A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,

A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,
EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference.

EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference.
Pattern-Based DFA for Memory- Efficient and Scalable Multiple Regular Expression Matching Author: Junchen Jiang, Yang Xu, Tian Pan, Yi Tang, Bin Liu Publisher:IEEE.

Pattern-Based DFA for Memory- Efficient and Scalable Multiple Regular Expression Matching Author: Junchen Jiang, Yang Xu, Tian Pan, Yi Tang, Bin Liu Publisher:IEEE.

Similar presentations

Ads by Google