Abstract
Regular Expression (RegEx) matching has been widely used in many network security systems. Despite much effort on this important problem, it remains a fundamentally difficult problem. DFA-based solutions are efficient in time but inefficient in memory, while NFA-based solutions are memory-efficient but time-inefficient. This poster provides a new solution named EFA (Excl-deterministic Finite Automata) to address the problem by excluding cancerogenic states from active state sets. The cancerogenic states are identified based on conflict relations. We make an evaluation of EFA with real RegExes and traffic traces. Experimental results show that EFA can dramatically reduce DFA state size at the cost of limited matching performance.
Supported by the National High-Tech Research and Development Plan of China under Grant No. 2011AA010705 and the Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No.XDA06030200.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Yang, Y.H.E., Prasanna, V.K.: Space-Time Tradeoff in Regular Expression Matching with Semi-Deterministic Finite Automata. In: INFOCOM, pp. 1853–1861 (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Qiao, D., Liu, T., Sun, Y., Guo, L. (2012). EFA for Efficient Regular Expression Matching in NIDS (Poster Abstract). In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2012. Lecture Notes in Computer Science, vol 7462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33338-5_23
Download citation
DOI: https://doi.org/10.1007/978-3-642-33338-5_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33337-8
Online ISBN: 978-3-642-33338-5
eBook Packages: Computer ScienceComputer Science (R0)