Title :
A DFA with Extended Character-Set for Fast Deep Packet Inspection
Author :
Cong Liu ; Yan Pan ; Ai Chen ; Jie Wu
Author_Institution :
Sun Yat-sen Univ., Guangzhou, China
Abstract :
Deep packet inspection (DPI), based on regular expressions, is expressive, compact, and efficient in specifying attack signatures. We focus on their implementations based on general-purpose processors that are cost-effective and flexible to update. In this paper, we propose a novel solution, called deterministic finite automata with extended character-set (DFA/EC), which can significantly decrease the number of states through doubling the size of the character-set. Unlike existing state reduction algorithms, our solution requires only a single main memory access for each byte in the traffic payload, which is the minimum. We perform experiments with several Snort rule-sets. Results show that, compared to DFAs, DFA/ECs are very compact and are over four orders of magnitude smaller in the best cases; DFA/ECs also have smaller memory bandwidth and run faster. We believe that DFA/EC will lay a groundwork for a new type of state compression technique in fast packet inspection.
Keywords :
data compression; deterministic automata; digital signatures; finite automata; inspection; DFA/EC; DPI; attack signatures; deterministic finite automata with extended character-set; fast deep packet inspection; general-purpose processors; regular expressions; snort rule-sets; state compression technique; traffic payload; Automata; Doped fiber amplifiers; Encoding; Inspection; Memory management; Payloads; Program processors; Deep packet inspection (DPI); deterministic finite automata (DFA); extended character-set (EC); regular expression;
Journal_Title :
Computers, IEEE Transactions on
