TY - GEN
T1 - Another CDFA based multi-pattern matching algorithm and architecture for packet inspection
AU - Song, Tian
AU - Wang, Dongsheng
PY - 2011
Y1 - 2011
N2 - Multi-pattern matching algorithm and architecture is critical for packet inspection based network security applications, especially for high speed network or large pattern sets. This paper presents a method to optimize the potential memory usage of DFA based algorithms for multi-pattern expression matching by the combining DFA's paths, named isomorphic path combina-tion (IMPC). To achieve IMPC, a novel multi-pattern matching algorithm, called ACS, is proposed, which is based on CDFA. Compared to the algorithms on DFA, our method can reduce 78.6% states for Snort pattern set, which results in one of the most memory efficient methods. The most important is that our method is a kind of optimization and can be embedded to other algorithms as the second step for better results. Finally the architecture based on ACS is proposed and the experimental results show that 47.6% to 84.0% memory space can be saved for different size of pattern sets as compared to the best known architectures. The method is another one based on CDFA. It means that CDFA may be a more proper model for multi-pattern matching than other FAs.
AB - Multi-pattern matching algorithm and architecture is critical for packet inspection based network security applications, especially for high speed network or large pattern sets. This paper presents a method to optimize the potential memory usage of DFA based algorithms for multi-pattern expression matching by the combining DFA's paths, named isomorphic path combina-tion (IMPC). To achieve IMPC, a novel multi-pattern matching algorithm, called ACS, is proposed, which is based on CDFA. Compared to the algorithms on DFA, our method can reduce 78.6% states for Snort pattern set, which results in one of the most memory efficient methods. The most important is that our method is a kind of optimization and can be embedded to other algorithms as the second step for better results. Finally the architecture based on ACS is proposed and the experimental results show that 47.6% to 84.0% memory space can be saved for different size of pattern sets as compared to the best known architectures. The method is another one based on CDFA. It means that CDFA may be a more proper model for multi-pattern matching than other FAs.
KW - CDFA
KW - NIDS
KW - pattern matching
KW - string matching
UR - https://www.scopus.com/pages/publications/80053010488
U2 - 10.1109/ICCCN.2011.6005927
DO - 10.1109/ICCCN.2011.6005927
M3 - Conference contribution
AN - SCOPUS:80053010488
SN - 9781457706387
T3 - Proceedings - International Conference on Computer Communications and Networks, ICCCN
BT - 2011 20th International Conference on Computer Communications and Networks, ICCCN 2011 - Proceedings
T2 - 2011 20th International Conference on Computer Communications and Networks, ICCCN 2011
Y2 - 31 July 2011 through 4 August 2011
ER -