Title :
Independent Parallel Compact Finite Automatons for Accelerating Multi-String Matching
Author :
Tang, Yi ; Jiang, Junchen ; Wang, Xiaofei ; Liu, Bin ; Xu, Yang
Author_Institution :
Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing, China
Abstract :
Multi-string matching is a key technique for implementing network security applications like Network Intrusion Detection Systems (NIDS). Existing DFA-based approaches always tradeoff between memory and throughput, and fail to has the best of both worlds. This paper extends the classic longest prefix principle from single-character to multi-character string matching and proposes a multi-string matching acceleration scheme named Independent Parallel Compact Finite Automata (PC-FA). In the scheme, DFA is divided into k PC-FAs, each of which can process one character from the input stream, achieving a speedup up to k with reduced memory occupation. Theoretical proof is given for the equivalency between traditional DFA and PC-FA approach. Experimental evaluations show that seven times of speedup can be practically achieved with a reduced memory size than up-to-date DFA-based compression approaches.
Keywords :
deterministic automata; security of data; telecommunication security; DFA; independent parallel compact finite automata; independent parallel compact finite automatons; multi-character string matching; multi-string matching acceleration scheme; network intrusion detection systems; network security; single-character string matching; Automata; Doped fiber amplifiers; Engines; Intrusion detection; Memory management; Pattern matching; Throughput;
Conference_Titel :
Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-5636-9
Electronic_ISBN :
1930-529X
DOI :
10.1109/GLOCOM.2010.5684119
