Presentation is loading. Please wait.

Presentation is loading. Please wait.

StriD2FA Scalable Regular Expression Matching for Deep Packet Inspection Author : Xiaofei Wang, Junchen Jiang, Yi Tang,Yi Wang,Bin Liu Xiaojun Wang Publisher.

Published byGrant Banks Modified over 9 years ago

Similar presentations

Presentation on theme: "StriD2FA Scalable Regular Expression Matching for Deep Packet Inspection Author : Xiaofei Wang, Junchen Jiang, Yi Tang,Yi Wang,Bin Liu Xiaojun Wang Publisher."— Presentation transcript:

1 StriD2FA Scalable Regular Expression Matching for Deep Packet Inspection Author : Xiaofei Wang, Junchen Jiang, Yi Tang,Yi Wang,Bin Liu Xiaojun Wang Publisher : IEEE ICC2011 Presenter : Wen-Tse Liang Date : 2011/11/16 1

2  INTRODUCTION  Stride-DFA (StriD2FA).  SYSTEM DESIGN PRINCIPLES AND CHALLENGES  Converting input stream into SL stream  An Example of StriD2FA  Benefits of LBM  Challenges  OPTIMIZATION OF FALSE POSITIVE  EVALUATION 2 Outline

3  A novel length-based matching (LBM) is presented for accelerating regex matching.  In LBM, a packet as a byte stream is first converted into a much shorter stride-length (SL) stream (i.e., integer stream)before sending to StriD2FA.  Therefore, the shorter the SL stream is, the higher the speedup can be achieved (in our system, 10 to 15 times speedup is achievable). 3 Introduction

4  StriD2FA is not directly built from regex, but is built according to different kinds of SL streams.  Therefore, the fundamental difference between StriD2FA and DFA is that in DFA a transition records a byte while in StriD2FA it records a length (i.e., integer). 4 Introduction

5  some specific characters are chosen, called a tag.  A tag is used to get the distances between two adjacent tags which are called stride lengths (SL). Converting input stream into SL stream 5

6  regex rule is “.*abba.{2}caca” 1.F a (.*abba ) is (1 | 2 | 3)+3. 2.Since the length of the first a in “caca” relies on two arbitrary characters which could be [ˆa][ˆa], a[ˆa], [ˆa]a, or aa. 3.So possibly the SL stream of F a (.{2}caca) = 1. 3 1 2 ([^a] [^a]caca) 2. 1 3 2 (a [^a]caca) 3. 2 2 2 ([^a] acaca) 4. 1 1 2 2 (aacaca) An Example of StriD2FA 6

7 .*abba.{2}caca  (1 | 2 | 3)+ 3 (3 1 2 | 1 3 2 | 2 2 2 | 1 1 2 2) An Example of StriD2FA 7

8  Increased speed  If the lengths between tags (properly chosen) are relatively long, the method can achieve quite a high speedup.  Small memory consumption:  Firstly, the number of states is generally less than traditional DFA  Secondly, the fanout of each state is controlled by the window size, and which is generally far smaller than the fanout of a traditional DFA (256 in standard ASCII). Benefits of LBM 8

9  Intuitively, a rule is covered by one or more tags c 1,..., c k when it is of very high probability that the rule is matched if StriD2FA 1,..., StriD2FA k all report a match.  it is easy to find that choosing “frequent” characters in a rule as tags can greatly reduce false positive rate.  # of occurrences of c in regex r over the sum of lengths of all fixed substrings in r: OPTIMIZATION OF FALSE POSITIVE 9

10 EVALUATION 10

11 EVALUATION 11

Download ppt "StriD2FA Scalable Regular Expression Matching for Deep Packet Inspection Author : Xiaofei Wang, Junchen Jiang, Yi Tang,Yi Wang,Bin Liu Xiaojun Wang Publisher."

Similar presentations

Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008.

Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008.
Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.

Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.
Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:
A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,

A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,
1 Fast Packet Classification using Group Bit Vector Author: Tong Liu, Huawei Li, Xiaowei Li, Yinhe Han Publisher: IEEE GLOBECOM 2006 Presenter: Hsin-Mao.

1 Fast Packet Classification using Group Bit Vector Author: Tong Liu, Huawei Li, Xiaowei Li, Yinhe Han Publisher: IEEE GLOBECOM 2006 Presenter: Hsin-Mao.
11 FPGA based High speed and low area cost pattern matching Authors: Jian Huang, Zongkai Yang, Xu Du, and Wei Liu Publisher: Proceedings of IEEE Symposium.

11 FPGA based High speed and low area cost pattern matching Authors: Jian Huang, Zongkai Yang, Xu Du, and Wei Liu Publisher: Proceedings of IEEE Symposium.
Efficient Multidimensional Packet Classification with Fast Updates Author: Yeim-Kuan Chang Publisher: IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 4, APRIL.

Efficient Multidimensional Packet Classification with Fast Updates Author: Yeim-Kuan Chang Publisher: IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 4, APRIL.
Multiple Sender Distributed Video Streaming Thinh Nguyen, Avideh Zakhor appears on “IEEE Transactions On Multimedia, vol. 6, no. 2, April, 2004”

Multiple Sender Distributed Video Streaming Thinh Nguyen, Avideh Zakhor appears on “IEEE Transactions On Multimedia, vol. 6, no. 2, April, 2004”
1 Accelerating Multi-Patterns Matching on Compressed HTTP Traffic Authors: Anat Bremler-Barr, Yaron Koral Presenter: Chia-Ming,Chang Date: 2009.9.1 Publisher/Conf.

1 Accelerating Multi-Patterns Matching on Compressed HTTP Traffic Authors: Anat Bremler-Barr, Yaron Koral Presenter: Chia-Ming,Chang Date: Publisher/Conf.
Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.

Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.
1 A Novel Binary Particle Swarm Optimization. 2 Binary PSO- One version In this version of PSO, each solution in the population is a binary string. –Each.

1 A Novel Binary Particle Swarm Optimization. 2 Binary PSO- One version In this version of PSO, each solution in the population is a binary string. –Each.
1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:

1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:
Deep Packet Inspection with Regular Expression Matching Min Chen, Danny Guo {michen, CSE Dept, UC Riverside 03/14/2007.

Deep Packet Inspection with Regular Expression Matching Min Chen, Danny Guo {michen, CSE Dept, UC Riverside 03/14/2007.
Gregex: GPU based High Speed Regular Expression Matching Engine Date:101/1/11 Publisher:2011 Fifth International Conference on Innovative Mobile and Internet.

Gregex: GPU based High Speed Regular Expression Matching Engine Date:101/1/11 Publisher:2011 Fifth International Conference on Innovative Mobile and Internet.
SHOCK: A Worst-Case Ensured Sub-linear Time Pattern Matching Algorithm for Inline Anti-Virus Scanning Author: Nen-Fu Huang, Wen-Yen Tsai Publisher: IEEE.

SHOCK: A Worst-Case Ensured Sub-linear Time Pattern Matching Algorithm for Inline Anti-Virus Scanning Author: Nen-Fu Huang, Wen-Yen Tsai Publisher: IEEE.
Regular Model Checking Ahmed Bouajjani,Benget Jonsson, Marcus Nillson and Tayssir Touili Moran Ben Tulila 8.5.12.

Regular Model Checking Ahmed Bouajjani,Benget Jonsson, Marcus Nillson and Tayssir Touili Moran Ben Tulila
Binary Numbers.

Binary Numbers.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Similar presentations

Ads by Google