P3FSM: Portable Predictive Pattern Matching Finite State Machine

Author

Vespa, Lucas ; Mathew, Mini ; Weng, Ning

Author_Institution

Dept. of Electr. & Comput. Eng., Southern Illinois Univ., Carbondale, IL, USA

fYear

2009

fDate

7-9 July 2009

Firstpage

219

Lastpage

222

Abstract

Signature-based network intrusion detection requires fast and reconfigurable pattern matching for deep packet inspection. In our previous work we address this problem with a hardware based pattern matching engine that utilizes a novel state encoding scheme to allow memory efficient use of Deterministic Finite Automata. In this work we expand on these concepts to create a completely software based system, P³FSM, which combines the properties of hardware based systems with the portability and programmability of software. Specifically we introduce two methods, character aware and SDFA, for encoding predictive state codes which can forecast the next states of our FSM. The result is software based pattern matching which is fast, reconfigurable, memory-efficient and portable.

Keywords

computer networks; deterministic automata; digital signatures; finite state machines; pattern matching; security of data; telecommunication security; deterministic finite automata; packet inspection; portable predictive pattern matching finite state machine; predictive state code encoding; reconfigurable pattern matching; signature-based network intrusion detection; software portability; software programmability; software-based system; Automata; Doped fiber amplifiers; Encoding; Engines; Hardware; Inspection; Intrusion detection; Pattern matching; Samarium; Software systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Application-specific Systems, Architectures and Processors, 2009. ASAP 2009. 20th IEEE International Conference on

Conference_Location

Boston, MA

ISSN

2160-0511

Print_ISBN

978-0-7695-3732-0

Electronic_ISBN

2160-0511

Type

conf

DOI

10.1109/ASAP.2009.16

Filename

5200035