
Module-Based Finite Automata: A Scalable and Memory-Efficient Architecture for Multi-pattern Matching in Deep Packet Inspection

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 56)

Abstract

Multi-pattern matching is a critical technique for building high-performance Network Intrusion Detection Systems (NIDS) and Deep Packet Inspection Systems (DPIS). Given a signature database, multi-pattern matching compares packets against the patterns to detect known attacks. The Deterministic Finite Automaton (DFA) is widely used for multi-pattern matching in NIDS because of its constant matching speed even in the worst case. Existing DFA-based works have claimed to achieve high throughput at the expense of extremely high memory cost and logic complexity, so they fail to meet the memory space requirements of embedded systems or high-performance routers. In this paper, we propose a novel memory-efficient multi-pattern matching acceleration scheme called Module-based Finite Automata (MB-FA), which can achieve great acceleration with little memory duplication. The basic idea of MB-FA is to store the original DFA in independent modules using a delicate algorithm so that inter-flow parallelism can be exploited to its largest scale. A full systematic design of MB-FA is presented, and support for rule update is also introduced. Evaluation experiments show that, without any optimization, MB-FA can achieve an average speed-up of 20 times when the memory cost is almost twice that of the original DFA.

This work is supported by NSFC (60625201, 60873250, 60903182), the Cultivation Fund of the Key Scientific and Technical Innovation Project, MoE, China (705003), the Specialized Research Fund for the Doctoral Program of Higher Education of China (20060003058), 863 high-tech project (2007AA01Z216, 2007AA01Z468) and the national innovation experiment program for university students.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jiang, J., Tang, Y., Wang, X., Liu, B. (2009). Module-Based Finite Automata: A Scalable and Memory-Efficient Architecture for Multi-pattern Matching in Deep Packet Inspection. In: Ślęzak, D., Kim, Th., Chang, A.CC., Vasilakos, T., Li, M., Sakurai, K. (eds) Communication and Networking. FGCN 2009. Communications in Computer and Information Science, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10844-0_19


  • DOI: https://doi.org/10.1007/978-3-642-10844-0_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10843-3

  • Online ISBN: 978-3-642-10844-0

  • eBook Packages: Computer Science, Computer Science (R0)
