Title :
Evaluation of regular expression match engines for DPI system
Author :
Zhang, Junying ; Wen, Qiaoyan
Author_Institution :
State Key Lab. of Networking & Switching Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
Because of its superior expressive power and flexibility, regular expression is now widely used in intrusion detection system and deep packet inspection system to define various patterns of virus or attacks in network traffic[1][2]. Excellent regular expression engine used in DPI system must be fast, accuracy and less memory usage to match a large volume of data streams, especially in realtime network. In this paper, four open source regular expression match engines are introduced, include Henry Spencer´s regex library, PCRE, RE2, and TRE. An evaluation of the four libraries on expressive power, data structure, memory usage and performance is proposed. The evaluation is based on analysis of their source code and black-box testing. Also a list of benchmarks is presented to do this evaluation. The results indicate that PCRE supports more features but has worse performance than other libraries, RE2 performs well on both time and memory usage but does not support backreferences. Both of them are more suitable for DPI system than TRE and Spency´s library.
Keywords :
computer network security; DPI system; Henry Spencer regex library; PCRE; RE2; TRE; black-box testing; data streams; data structure; deep packet inspection system; expressive power; intrusion detection system; memory performance; memory usage; realtime network; regular expression match engine evaluation; source code; Benchmark testing; Data structures; Doped fiber amplifiers; Engines; Libraries; Memory management; Pattern matching; DPI system; Realization analysis; Regular expression match engine;
Conference_Titel :
Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference on
Conference_Location :
Shenzhen
Print_ISBN :
978-1-61284-158-8
DOI :
10.1109/ICBNMT.2011.6155959
