Abstract
Mobile devices play an important role in our everyday lives, but they also bring great security threats. Deep packet inspection (DPI) is one of the most efficient methods to detect the malicious information hidden in the mobile traffic, and regular expression matching is widely used in DPI for its powerful expressive ability. However, with the increasing complexity of regular expressions, traditional solutions cannot meet the requirements of both storage and high performance. In this paper, we propose a novel hybrid matching architecture and two-stage memory architecture for the state of the art hybrid FA to solve this problem. Experiment results confirm that our architecture is scalable to complex rule sets, and the matching performance outperforms state of the art memory centric solution by up to 15x.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Application layer packet classifier for linux (2009). http://l7-filter.sourceforge.net/
Bro intrusion detection system (2014). http://www.bro.org/
Broadcom, xlp700 series. https://www.broadcom.com/products/enterprise-and-network-processors/processors/xlp700-series
Cavium, octeon5860. http://www.cavium.com/OCTEON_MIPS64.html/
Snort v2.9 (2014). http://www.snort.org/
Becchi, M., Cadambi, S.: Memory-efficient regular expression search using state merging. In: INFOCOM 2007, Proceedings of the 26th IEEE International Conference on Computer Communications, pp. 1064–1072. IEEE (2007)
Becchi, M., Crowley, P.: A hybrid finite automaton for practical deep packet inspection. In: Proceedings of the 2007 ACM CoNEXT Conference, p. 1. ACM (2007)
Becchi, M., Crowley, P.: Efficient regular expression evaluation: theory to practice. In: Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, pp. 50–59. ACM (2008)
Becchi, M., Crowley, P.: A-DFA: a time-and space-efficient DFA compression algorithm for fast regular expression evaluation. ACM Trans. Arch. Code Optim. (TACO) 10(1), 4 (2013)
Chen, S., Lu, R.: A regular expression matching engine with hybrid memories. Comput. Stand. Interfaces 36(5), 880–888 (2014)
Kong, S., Smith, R., Estan, C.: Efficient signature matching with multiple alphabet compression tables. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, p. 1. ACM (2008)
Kumar, S., Chandrasekaran, B., Turner, J., Varghese, G.: Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In: Proceedings of the 3rd ACM/IEEE Symposium on Architecture for Networking and Communications Systems, pp. 155–164. ACM (2007)
Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. ACM SIGCOMM Comput. Commun. Rev. 36(4), 339–350 (2006)
La Polla, M., Martinelli, F., Sgandurra, D.: A survey on security for mobile devices. IEEE Commun. Surv. Tutor. 15(1), 446–471 (2013)
Liu, A.X., Torng, E.: An overlay automata approach to regular expression matching. In: INFOCOM, 2014 Proceedings IEEE, pp. 952–960. IEEE (2014)
Liu, T., Liu, A.X., Shi, J., Sun, Y., Guo, L.: Towards fast and optimal grouping of regular expressions via DFA size estimation. IEEE J. Sel. Areas Commun. 32(10), 1797–1809 (2014)
Patel, J., Liu, A.X., Torng, E.: Bypassing space explosion in high-speed regular expression matching. IEEE/ACM Trans. Netw. (TON) 22(6), 1701–1714 (2014)
Qi, Y., Wang, K., Fong, J., Xue, Y., Li, J., Jiang, W., Prasanna, V.: Feacan: front-end acceleration for content-aware network processing. In: INFOCOM, 2011 Proceedings IEEE, pp. 2114–2122. IEEE (2011)
Smith, R., Estan, C., Jha, S.: XFA: faster signature matching with extended automata. In: IEEE Symposium on Security and Privacy, SP 2008, pp. 187–201. IEEE (2008)
Wang, K., Fu, Z., Hu, X., Li, J.: Practical regular expression matching free of scalability and performance barriers. Comput. Commun. 54, 97–119 (2014)
Xu, Y., Jiang, J., Wei, R., Song, Y., Chao, H.J.: TFA: a tunable finite automaton for pattern matching in network intrusion detection systems. IEEE J. Sel. Areas Commun. 32(10), 1810–1821 (2014)
Yang, Y., Prasanna, V.K.: Space-time tradeoff in regular expression matching with semi-deterministic finite automata. In: INFOCOM, 2011 Proceedings IEEE, pp. 1853–1861. IEEE (2011)
Yu, F., Chen, Z., Diao, Y., Lakshman, T., Katz, R.H.: Fast and memory-efficient regular expression matching for deep packet inspection. In: Proceedings of the 2006 ACM/IEEE Symposium on Architecture for Networking and Communications Systems, pp. 93–102. ACM (2006)
Sbeyti, H., Malli, M., Al-Tahat, K., Fadlallah, A., Youssef, M.: Scalable extensible middleware framework for context-aware mobile applications (SCAMMP). J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 7(3), 77–98 (2016)
Carniani, E., Costantino, G., Marino, F., Martinelli, F., Mori, P.: Enhancing video surveillance with usage control and privacy-preserving solutions. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 7, 41–64 (2016)
Kitana, A., Traore, I., Woungang, I.: Impact study of a mobile botnet over LTE networks. J. Internet Serv. Inf. Secur. (JISIS) 6(2), 1–22 (2016)
Kim, N.Y., Shim, J., Cho, S., Park, M., Han, S.: Android application protection against static reverse engineering based on multidexing. J. Internet Serv. Inf. Secur. (JISIS) 6(4), 54–64 (2016)
Acknowledgments
This work was supported in part by National Science Foundation of China under grant No. 61379148 and No. 61202488, and the outstanding young scholar funding of NUDT.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Xu, C., Zhao, B., Chen, S., Su, J. (2018). A Novel Hybrid Architecture for High Speed Regular Expression Matching. In: You, I., Leu, FY., Chen, HC., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2016. Communications in Computer and Information Science, vol 797. Springer, Singapore. https://doi.org/10.1007/978-981-10-7850-7_15
Download citation
DOI: https://doi.org/10.1007/978-981-10-7850-7_15
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7849-1
Online ISBN: 978-981-10-7850-7
eBook Packages: Computer ScienceComputer Science (R0)