期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于并行字符索引的多步长正则表达式匹配算法 被引量:7

Multi-Stride Regular Expression Matching Using Parallel Character Index
下载PDF
导出
摘要 深度包检测(deep packet inspection,DPI)是网络入侵检测与防御系统(network intrusion detection and prevention system,NIDPS)的核心.基于三态内容可寻址存储器(ternary content addressable memory,TCAM)的正则表达式匹配算法提高了数据包的处理速度,成为DPI技术的一个重要研究方向.TCAM具有查找速度快、存储空间小等特性,且能耗与存储空间成正比.由于DFA的存储空间开销比较大,且存储空间大小随着DFA步长数的增加而指数倍增,基于TCAM的DFA面临高能耗的问题,特别是多步长DFA.提出一种基于并行字符索引的多步长正则表达式匹配算法(multi-stride parallel character-indexed DFA,PCIDFA),对确定型有限自动机(deterministic finite automaton,DFA)构造并行字符索引,通过比特位图取交集,减少匹配时激活的TCAM块数,显著降低TCAM能耗.实验结果表明:与多步长DFA相比,多步长PCIDFA在TCAM能耗上减少了99.8%以上,在TCAM存储空间开销上减少了48.5%-65.3%,在吞吐量上提高了1.9-2.6倍. Deep packet inspection(DPI)is a key function of network intrusion detection and prevention systems(NIDPS).TCAM-based regular expression matching algorithms have been proposed as a promising approach to improve processing speed,which is an important research direction of DPI.Ternary content addressable memory(TCAM)has the characters of high searching speed and small storage space,as well as the TCAM power consumption is proportionate to its storage space.Deterministic finite automaton(DFA)requires large storage space and the storage space of multi-stride DFA grows exponentially with the stride of DFA,which leads to high TCAM power consumption of DFA,especially for multi-stride DFA.This paper presents a parallel character-indexed multi-stride regular expression matching algorithm to address such limitation.This algorithm uses the idea of building parallel character indexes according to the stride of DFA,and reduces the number of activated TCAM blocks by using bitmap intersection,which in turn translates low TCAM power.Experimental results show that our algorithm reduces the TCAM power by more than 99.8% as well as the TCAM space usage by 48.5%-65.3%,and improves the matching throughput by 1.9-2.6times compared with previous solutions based on multi-stride DFA.
作者 丁麟轩 黄昆 张大方
机构地区 湖南大学信息科学与工程学院 中国科学院计算技术研究所
出处 《计算机研究与发展》 EI CSCD 北大核心 2015年第3期681-690,共10页 Journal of Computer Research and Development
基金 国家"九七三"重点基础研究发展计划基金项目(2012CB315805) 国家自然科学基金项目(61173167 61100171)
关键词 正则表达式匹配 三态内容可寻址存储器 并行字符索引 分块存储 低能耗 regular expression matching ternary content addressable memory(TCAM) parallel character index block-based storage low power
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献26

  • 1Paxson V, Asanovic K, Dharmapurikar S, et al. Rethinking hardware support for network analysis and intrusion prevention [C] //Proc of the 15th USENIX Workshop on Hot Topics in Security. Berkeley, CA: USENIX Association, 2006:63-68. 被引量:1
  • 2Sommer R, Paxson V. Enhancing byteleve network intrusion detection signatures with context[C] //Proc of the lOth ACM Conf on Computer and Communications Security. New York= ACM, 2003= 262-271. 被引量:1
  • 3范慧萍,宣蕾,陈曙晖,黄高平.基于正则表达式的应用层协议识别加速[J].计算机研究与发展,2008,45(z1):438-443. 被引量:9
  • 4Snort. Snort: :rules[EB/OL]. (2014-02 07) [2014-03-04]. http://www, snort, org/start/rules. 被引量:1
  • 5Bro. The bro network security monitor [EB/OL]. (2013 11- 08) [2014 03-04]. http://www, bro. org/. 被引量:1
  • 6HP. TippingPoint next generation intrusion prevention system (NGIPS) [EB/OL]. (2013-05 08) [-2014-03-041. http//wwwS, hp. com/us/en/software solutions/software. html?compURI 1343617. 被引量:1
  • 7Cisco. Instrusion prevention system (IPS) Cisco systems [EB/OL]. (2013-05-08) [2014 03-04]. http://www, cisco. corn/c/en/us/produets/securit y/intrusion-prevention-syst em ips/ index, html. 被引量:1
  • 8Yu Fang, Katz R H, Lakshman T V. Gigabit rate packet pattern- matching using TCAM [C] //Proc of the 12th IEEE Int Cont" on Network Protocols. Piscataway, N J: IEEE, 2004:174-183. 被引量:1
  • 9Meiners C R, Patel J, Norige E, et al. Fast regular expression matching using small TCAMs for network intrusion detection and prevention systems [C] //Proc of the 19th USENIX Security Symp. Berkeley, CA: USENIX Association, 2010:1-16. 被引量:1
  • 10Peng Kunyang, Tang Siyuan, Chen Min, et al. Chain-based DFA deflation for fast and scalable regular expression matching using TCAM [C] //Proc of the 7th ACM/IEEE Symp on Architectures for Networking and Communications Systems. NewYork ACM, 2011:24-35. 被引量:1

二级参考文献22

  • 1陈亮,龚俭,徐选.基于特征串的应用层协议识别[J].计算机工程与应用,2006,42(24):16-19. 被引量:43
  • 2李伟男,鄂跃鹏,葛敬国,钱华林.多模式匹配算法及硬件实现[J].软件学报,2006,17(12):2403-2415. 被引量:42
  • 3[1]Joan Danmen,Vincent Riijmen.AES proposal:Rijndae1.AES algorithm submission.http://www.nist.gov/aes,1999-09 被引量:1
  • 4[3]Application Layer Packet Classifier for Linux.http://17-filter.sourceforge.net,2006 被引量:1
  • 5[4]Jeffrey E F Friedl.Mastering Regular Expressions.Sebastopol,CA:O'Reilly Media,Inc,2006 被引量:1
  • 6[5]Fang Yu,Zhifeng Chen,Yanlei Diao.Fast and memory-efficient regular expression matching for deep packet inspection.EECS Department,University of California,Berkeley,Tech Rep:UCB/EECS-2006-76,2006 被引量:1
  • 7[6]K Thompson.Regular expression search algorithm.Communications of the ACM,1968,11(6):410-422 被引量:1
  • 8[8]MIT DARPA Intrusion Detection Data Sets.http://www.ll.mit.edu/IST/ideval/data/2000/2000_data_index.html,2000 被引量:1
  • 9Aho A V, Corasick M J. Efficient string matching: An aid to bibliographic search [J]. Communications of the ACM, 1975, 18(6): 333-340. 被引量:1
  • 10Tuck N, Sherwood T, Calder B, et al. Deterministic memory efficient string matching algorithms for intrusion detection [C] //Proc of the IEEE INFOCOM 2004. Piscataway, NJ: IEEE Press, 2004:333-340. 被引量:1

共引文献23

同被引文献38

引证文献7

二级引证文献7

计算机研究与发展
2015年 第3期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部