A path combinational method for multiple pattern matching

Tian Song; Dongsheng Wang

doi:10.1145/1882486.1882507

A path combinational method for multiple pattern matching

Tian Song^*
, Dongsheng Wang

^*此作品的通讯作者

网络空间安全学院

Tsinghua University

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

2 引用（Scopus）

摘要

Multiple pattern matching architecture is critical for content inspection based network security applications, especially for high speed network or large pattern sets. This paper presents a method to optimize the potential memory usage for multiple string or regular expression matching by the idea of combining DFA's paths, named isomorphic path combination (IMPC). To achieve IMPC, a novel multiple pattern matching algorithm is proposed, which is based on Cached DFA (CDFA). Compared to extended AC algorithm based on DFA, our method on CDFA can reduce 78.6% states for Snort pattern set, which results in one of the most memory efficient methods. More important is that our method can be embedded to other algorithms as the optimization.

源语言	英语
主期刊名	ANCS'09
主期刊副标题	Symposium on Architecture for Networking and Communications Systems
页	76-77
页数	2
DOI	https://doi.org/10.1145/1882486.1882507
出版状态	已出版 - 2009
活动	2009 Symposium on Architecture for Networking and Communications Systems, ANCS'09 - Princeton, NJ, 美国期限: 19 10月 2009 → 20 10月 2009

出版系列

姓名	ANCS'09: Symposium on Architecture for Networking and Communications Systems

会议

会议	2009 Symposium on Architecture for Networking and Communications Systems, ANCS'09
国家/地区	美国
市	Princeton, NJ
时期	19/10/09 → 20/10/09

访问文件

10.1145/1882486.1882507

其它文件与链接

链接到 Scopus 的出版物

引用此

@inproceedings{a6b04030e84b4d2c9ad607a96b21e659,

title = "A path combinational method for multiple pattern matching",

abstract = "Multiple pattern matching architecture is critical for content inspection based network security applications, especially for high speed network or large pattern sets. This paper presents a method to optimize the potential memory usage for multiple string or regular expression matching by the idea of combining DFA's paths, named isomorphic path combination (IMPC). To achieve IMPC, a novel multiple pattern matching algorithm is proposed, which is based on Cached DFA (CDFA). Compared to extended AC algorithm based on DFA, our method on CDFA can reduce 78.6\% states for Snort pattern set, which results in one of the most memory efficient methods. More important is that our method can be embedded to other algorithms as the optimization.",

keywords = "DFA, intrusion detection, multi-pattern matching, string matching",

author = "Tian Song and Dongsheng Wang",

year = "2009",

doi = "10.1145/1882486.1882507",

language = "English",

isbn = "9781605586304",

series = "ANCS'09: Symposium on Architecture for Networking and Communications Systems",

pages = "76--77",

booktitle = "ANCS'09",

note = "2009 Symposium on Architecture for Networking and Communications Systems, ANCS'09 ; Conference date: 19-10-2009 Through 20-10-2009",

}

Song, T & Wang, D 2009, A path combinational method for multiple pattern matching. 在 ANCS'09: Symposium on Architecture for Networking and Communications Systems. ANCS'09: Symposium on Architecture for Networking and Communications Systems, 页码 76-77, 2009 Symposium on Architecture for Networking and Communications Systems, ANCS'09, Princeton, NJ, 美国, 19/10/09. https://doi.org/10.1145/1882486.1882507

TY - GEN

T1 - A path combinational method for multiple pattern matching

AU - Song, Tian

AU - Wang, Dongsheng

PY - 2009

Y1 - 2009

N2 - Multiple pattern matching architecture is critical for content inspection based network security applications, especially for high speed network or large pattern sets. This paper presents a method to optimize the potential memory usage for multiple string or regular expression matching by the idea of combining DFA's paths, named isomorphic path combination (IMPC). To achieve IMPC, a novel multiple pattern matching algorithm is proposed, which is based on Cached DFA (CDFA). Compared to extended AC algorithm based on DFA, our method on CDFA can reduce 78.6% states for Snort pattern set, which results in one of the most memory efficient methods. More important is that our method can be embedded to other algorithms as the optimization.

AB - Multiple pattern matching architecture is critical for content inspection based network security applications, especially for high speed network or large pattern sets. This paper presents a method to optimize the potential memory usage for multiple string or regular expression matching by the idea of combining DFA's paths, named isomorphic path combination (IMPC). To achieve IMPC, a novel multiple pattern matching algorithm is proposed, which is based on Cached DFA (CDFA). Compared to extended AC algorithm based on DFA, our method on CDFA can reduce 78.6% states for Snort pattern set, which results in one of the most memory efficient methods. More important is that our method can be embedded to other algorithms as the optimization.

KW - DFA

KW - intrusion detection

KW - multi-pattern matching

KW - string matching

UR - https://www.scopus.com/pages/publications/78650938087

U2 - 10.1145/1882486.1882507

DO - 10.1145/1882486.1882507

M3 - Conference contribution

AN - SCOPUS:78650938087

SN - 9781605586304

T3 - ANCS'09: Symposium on Architecture for Networking and Communications Systems

SP - 76

EP - 77

BT - ANCS'09

T2 - 2009 Symposium on Architecture for Networking and Communications Systems, ANCS'09

Y2 - 19 October 2009 through 20 October 2009

ER -

A path combinational method for multiple pattern matching

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此