research-article

An improved DFA for fast regular expression matching

Authors:

Domenico Ficara,

Stefano Giordano,

Gregorio Procissi,

Gianni Antichi,

Andrea Di PietroAuthors Info & Claims

ACM SIGCOMM Computer Communication Review, Volume 38, Issue 5

Pages 29 - 40

https://doi.org/10.1145/1452335.1452339

Published: 30 September 2008 Publication History

Abstract

Modern network devices need to perform deep packet inspection at high speed for security and application-specific services. Finite Automata (FAs) are used to implement regular expressions matching, but they require a large amount of memory. Many recent works have proposed improvements to address this issue.

This paper presents a new representation for deterministic finite automata (orthogonal to previous solutions), called Delta Finite Automata (δFA), which considerably reduces states and transitions and requires a transition per character only, thus allowing fast matching. Moreover, a new state encoding scheme is proposed and the comprehensive algorithm is tested for use in the packet classification area.

References

[1]

A.V. Aho and M.J. Corasick. Efficient string matching: an aid to bibliographic search. Commun. ACM, 18(6):333--340, 1975.

Digital Library

[2]

A.V. Aho, R. Sethi, and J.D. Ullman. Compilers, principles, techniques, and tools. Addison Wesley, 1985.

Digital Library

[3]

Bro: A system for Detecting Network Intruders in Real Time, http://bro-ids.org/.

[4]

M. Becchi and S. Cadambi. Memory-efficient regular expression search using state merging. In Proc. of INFOCOM 2007, May 2007.

Digital Library

[5]

M. Becchi and P. Crowley. A hybrid finite automaton for practical deep packet inspection. In Proc. of CoNEXT'07, pages 1--12. ACM, 2007.

Digital Library

[6]

M. Becchi and P. Crowley. An improved algorithm to accelerate regular expression evaluation. In Proc. of ANCS'07, pages 145--154, 2007.

Digital Library

[7]

B.C. Brodie, D.E. Taylor, and R.K. Cytron. A scalable architecture for high-throughput regular-expression pattern matching. In Proc. of ISCA'06, June 2006.

Digital Library

[8]

Classbench, A Packet Classification Benchmark, http://www.arl.wustl.edu/~det3/ClassBench/.

[9]

B. Commentz-Walter. A string matching algorithm fast on the average. In Proc. of ICALP'79, pages 118--132. Springer-Verlag.

Digital Library

[10]

W. Eatherton, Z. Dittia, and G. Varghese. Tree bitmap: Hardware/software ip lookups with incremental updates. ACM SIGCOMM Computer Communications Review, 34, 2004.

Digital Library

[11]

P. Gupta and N. McKeown. Packet classification on multiple fields. In SIGCOMM, pages 147--160, 1999.

Digital Library

[12]

Intel Network Processors, www.intel.com/design/network/products/npfamily/.

[13]

S. Kumar, B. Chandrasekaran, J. Turner, and G. Varghese. Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In Proc. of ANCS'07, pages 155--164. ACM.

Digital Library

[14]

S. Kumar, S. Dharmapurikar, F. Yu, P. Crowley, and J. Turner. Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In Proc. of SIGCOMM'06, pages 339--350. ACM.

Digital Library

[15]

S. Kumar, J. Turner, and J. Williams. Advanced algorithms for fast and scalable deep packet inspection. In Proc. of ANCS '06, pages 81--92. ACM.

Digital Library

[16]

T.V. Lakshman and D. Stiliadis. High-speed policy-based packet forwarding using efficient multi-dimensional range matching. In SIGCOMM, pages 203--214, 1998.

Digital Library

[17]

Haoyu Song, Evaluation of Packet Classification Algorithms, www.arl.wustl.edu/~hs1/PClassEval.html.

[18]

Michela Becchi, regex tool, http://regex.wustl.edu/.

[19]

S. Singh, F. Baboescu, G. Varghese, and J. Wang. Packet classification using multidimensional cutting. Technical report, 2003.

[20]

R. Smith, C. Estan, and S. Jha. Xfa: Faster signature matching with extended automata. In IEEE Symposium on Security and Privacy, May 2008.

Digital Library

[21]

R. Smith, C. Estan, and S. Jha. Xfas: Fast and compact signature matching. Technical report, University of Wisconsin, Madison, August 2007.

[22]

R. Sommer and V. Paxson. Enhancing byte-level network intrusion detection signatures with context. In Proc. of CCS'03, pages 262--271. ACM.

Digital Library

[23]

Snort: Lightweight Intrusion Detection for Networks, http://www.snort.org/.

[24]

N. Tuck, T. Sherwood, B. Calder, and G. Varghese. Deterministic memory-efficient string matching algorithms for intrusion detection. In Proc. of INFOCOM 2004, pages 333--340.

[25]

G. Varghese. Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA, 2004.

Digital Library

[26]

J.W. Will Eatherton. An encoded version of reg-ex database from cisco systems provided for research purposes.

[27]

S. Wu and U. Manber. A fast algorithm for multi-pattern searching. Technical Report TR-94-17, Dept.of Computer Science, University of Arizona.

[28]

F. Yu, Z. Chen, Y. Diao, T.V. Lakshman, and R.H. Katz. Fast and memory-efficient regular expression matching for deep packet inspection. In Proc. of ANCS'06, pages 93--102.

Digital Library

Cited By

Cicolini LCarloni FSantambrogio MConficconi DGrosser TDubach CSteuwer MXue JOttoni GQuintão Pereira F(2024)One Automaton to Rule Them All: Beyond Multiple Regular Expressions ExecutionProceedings of the 2024 IEEE/ACM International Symposium on Code Generation and Optimization10.1109/CGO57630.2024.10444810(193-206)Online publication date: 2-Mar-2024
https://dl.acm.org/doi/10.1109/CGO57630.2024.10444810
Dieck SVerwer S(2024)On Bidirectional Deterministic Finite AutomataImplementation and Application of Automata10.1007/978-3-031-71112-1_8(109-123)Online publication date: 3-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-71112-1_8
Kumar KPrithi SK. V(2022)Intelligent Systems in Latest DFA Compression Methods for DPCHandbook of Research on Evolving Designs and Innovation in ICT and Intelligent Systems for Real-World Applications10.4018/978-1-7998-9795-8.ch009(129-146)Online publication date: 24-Jun-2022
https://doi.org/10.4018/978-1-7998-9795-8.ch009
Show More Cited By

Index Terms

An improved DFA for fast regular expression matching
1. Security and privacy
  1. Network security

Recommendations

An improved algorithm to accelerate regular expression evaluation
ANCS '07: Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems

Modern network intrusion detection systems need to perform regular expression matching at line rate in order to detect the occurrence of critical patterns in packet payloads. While deterministic finite automata (DFAs) allow this operation to be ...
Speculative parallel pattern matching using stride-k DFA for deep packet inspection

Modern deep packet inspection (DPI) systems match network traffic against a large set of patterns which are defined using regular expressions. Deterministic finite automata (DFA) is generally preferred to parse these regular expressions. However, ...
DFA-based and SIMD NFA-based regular expression matching on cell BE for fast network traffic filtering
SIN '09: Proceedings of the 2nd international conference on Security of information and networks

Regular expression matching is the heart of many data processing routines, such as string search, network traffic filtering, etc. The traditional way of regexp matching is building and execution of a deterministic finite automaton (DFA), that provides O(...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGCOMM Computer Communication Review

ACM SIGCOMM Computer Communication Review Volume 38, Issue 5

October 2008

68 pages

ISSN:0146-4833

DOI:10.1145/1452335

Issue’s Table of Contents

Copyright © 2008 Authors.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 September 2008

Published in SIGCOMM-CCR Volume 38, Issue 5

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

125
Total Citations
View Citations
1,206
Total Downloads

Downloads (Last 12 months)54
Downloads (Last 6 weeks)10

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Cicolini LCarloni FSantambrogio MConficconi DGrosser TDubach CSteuwer MXue JOttoni GQuintão Pereira F(2024)One Automaton to Rule Them All: Beyond Multiple Regular Expressions ExecutionProceedings of the 2024 IEEE/ACM International Symposium on Code Generation and Optimization10.1109/CGO57630.2024.10444810(193-206)Online publication date: 2-Mar-2024
https://dl.acm.org/doi/10.1109/CGO57630.2024.10444810
Dieck SVerwer S(2024)On Bidirectional Deterministic Finite AutomataImplementation and Application of Automata10.1007/978-3-031-71112-1_8(109-123)Online publication date: 3-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-71112-1_8
Kumar KPrithi SK. V(2022)Intelligent Systems in Latest DFA Compression Methods for DPCHandbook of Research on Evolving Designs and Innovation in ICT and Intelligent Systems for Real-World Applications10.4018/978-1-7998-9795-8.ch009(129-146)Online publication date: 24-Jun-2022
https://doi.org/10.4018/978-1-7998-9795-8.ch009
Zhang HZhou XLi HZhu GLi H(2022)Machine Recognition of Map Point Symbols Based on YOLOv3 and Automatic Configuration Associated with POIISPRS International Journal of Geo-Information10.3390/ijgi1111054011:11(540)Online publication date: 28-Oct-2022
https://doi.org/10.3390/ijgi11110540
Duan Xdong cma x(2022)Research and implementation of network defense and non-repeated substring pattern matching algorithmInternational Conference on Signal Processing and Communication Security (ICSPCS 2022)10.1117/12.2655409(42)Online publication date: 2-Nov-2022
https://doi.org/10.1117/12.2655409
Sun XLi HZhao DLu XPeng ZHu C(2022)Efficient regular expression matching over compressed trafficComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2019.106996168:COnline publication date: 21-Apr-2022
https://dl.acm.org/doi/10.1016/j.comnet.2019.106996
Nagayama SSasao TButler J(2022)Regular Expression Matching Using Zero-Suppressed Decision DiagramsApplications of Zero-Suppressed Decision Diagrams10.1007/978-3-031-79870-2_4(63-61)Online publication date: 23-Mar-2022
https://doi.org/10.1007/978-3-031-79870-2_4
Kumar K V(2021)Network Intrusion Detection System in Latest DFA Compression Methods for Deep Packet ScrutingDesign, Applications, and Maintenance of Cyber-Physical Systems10.4018/978-1-7998-6721-0.ch010(219-243)Online publication date: 25-Jun-2021
https://doi.org/10.4018/978-1-7998-6721-0.ch010
Prithi SSumathi S(2021)Automata Based Hybrid PSO–GWO Algorithm for Secured Energy Efficient Optimal Routing in Wireless Sensor NetworkWireless Personal Communications10.1007/s11277-020-07882-2Online publication date: 2-Jan-2021
https://doi.org/10.1007/s11277-020-07882-2
Hypolite JSonchack JHershkop SDautenhahn NDeHon ASmith JHan DFeldmann A(2020)DeepMatchProceedings of the 16th International Conference on emerging Networking EXperiments and Technologies10.1145/3386367.3431290(336-350)Online publication date: 23-Nov-2020
https://dl.acm.org/doi/10.1145/3386367.3431290
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents