Skip to main content
SpringerLink
Log in

A Novel Hybrid Architecture for High Speed Regular Expression Matching

  • Conference paper
  • First Online:
Mobile Internet Security (MobiSec 2016)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 797))

Included in the following conference series:

  • 391 Accesses

Abstract

Mobile devices play an important role in our everyday lives, but they also bring great security threats. Deep packet inspection (DPI) is one of the most efficient methods to detect the malicious information hidden in the mobile traffic, and regular expression matching is widely used in DPI for its powerful expressive ability. However, with the increasing complexity of regular expressions, traditional solutions cannot meet the requirements of both storage and high performance. In this paper, we propose a novel hybrid matching architecture and two-stage memory architecture for the state of the art hybrid FA to solve this problem. Experiment results confirm that our architecture is scalable to complex rule sets, and the matching performance outperforms state of the art memory centric solution by up to 15x.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Application layer packet classifier for linux (2009). http://l7-filter.sourceforge.net/

  2. Bro intrusion detection system (2014). http://www.bro.org/

  3. Broadcom, xlp700 series. https://www.broadcom.com/products/enterprise-and-network-processors/processors/xlp700-series

  4. Cavium, octeon5860. http://www.cavium.com/OCTEON_MIPS64.html/

  5. Snort v2.9 (2014). http://www.snort.org/

  6. Becchi, M., Cadambi, S.: Memory-efficient regular expression search using state merging. In: INFOCOM 2007, Proceedings of the 26th IEEE International Conference on Computer Communications, pp. 1064–1072. IEEE (2007)

    Google Scholar 

  7. Becchi, M., Crowley, P.: A hybrid finite automaton for practical deep packet inspection. In: Proceedings of the 2007 ACM CoNEXT Conference, p. 1. ACM (2007)

    Google Scholar 

  8. Becchi, M., Crowley, P.: Efficient regular expression evaluation: theory to practice. In: Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, pp. 50–59. ACM (2008)

    Google Scholar 

  9. Becchi, M., Crowley, P.: A-DFA: a time-and space-efficient DFA compression algorithm for fast regular expression evaluation. ACM Trans. Arch. Code Optim. (TACO) 10(1), 4 (2013)

    Google Scholar 

  10. Chen, S., Lu, R.: A regular expression matching engine with hybrid memories. Comput. Stand. Interfaces 36(5), 880–888 (2014)

    Article  Google Scholar 

  11. Kong, S., Smith, R., Estan, C.: Efficient signature matching with multiple alphabet compression tables. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, p. 1. ACM (2008)

    Google Scholar 

  12. Kumar, S., Chandrasekaran, B., Turner, J., Varghese, G.: Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In: Proceedings of the 3rd ACM/IEEE Symposium on Architecture for Networking and Communications Systems, pp. 155–164. ACM (2007)

    Google Scholar 

  13. Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. ACM SIGCOMM Comput. Commun. Rev. 36(4), 339–350 (2006)

    Article  Google Scholar 

  14. La Polla, M., Martinelli, F., Sgandurra, D.: A survey on security for mobile devices. IEEE Commun. Surv. Tutor. 15(1), 446–471 (2013)

    Article  Google Scholar 

  15. Liu, A.X., Torng, E.: An overlay automata approach to regular expression matching. In: INFOCOM, 2014 Proceedings IEEE, pp. 952–960. IEEE (2014)

    Google Scholar 

  16. Liu, T., Liu, A.X., Shi, J., Sun, Y., Guo, L.: Towards fast and optimal grouping of regular expressions via DFA size estimation. IEEE J. Sel. Areas Commun. 32(10), 1797–1809 (2014)

    Article  Google Scholar 

  17. Patel, J., Liu, A.X., Torng, E.: Bypassing space explosion in high-speed regular expression matching. IEEE/ACM Trans. Netw. (TON) 22(6), 1701–1714 (2014)

    Article  Google Scholar 

  18. Qi, Y., Wang, K., Fong, J., Xue, Y., Li, J., Jiang, W., Prasanna, V.: Feacan: front-end acceleration for content-aware network processing. In: INFOCOM, 2011 Proceedings IEEE, pp. 2114–2122. IEEE (2011)

    Google Scholar 

  19. Smith, R., Estan, C., Jha, S.: XFA: faster signature matching with extended automata. In: IEEE Symposium on Security and Privacy, SP 2008, pp. 187–201. IEEE (2008)

    Google Scholar 

  20. Wang, K., Fu, Z., Hu, X., Li, J.: Practical regular expression matching free of scalability and performance barriers. Comput. Commun. 54, 97–119 (2014)

    Article  Google Scholar 

  21. Xu, Y., Jiang, J., Wei, R., Song, Y., Chao, H.J.: TFA: a tunable finite automaton for pattern matching in network intrusion detection systems. IEEE J. Sel. Areas Commun. 32(10), 1810–1821 (2014)

    Article  Google Scholar 

  22. Yang, Y., Prasanna, V.K.: Space-time tradeoff in regular expression matching with semi-deterministic finite automata. In: INFOCOM, 2011 Proceedings IEEE, pp. 1853–1861. IEEE (2011)

    Google Scholar 

  23. Yu, F., Chen, Z., Diao, Y., Lakshman, T., Katz, R.H.: Fast and memory-efficient regular expression matching for deep packet inspection. In: Proceedings of the 2006 ACM/IEEE Symposium on Architecture for Networking and Communications Systems, pp. 93–102. ACM (2006)

    Google Scholar 

  24. Sbeyti, H., Malli, M., Al-Tahat, K., Fadlallah, A., Youssef, M.: Scalable extensible middleware framework for context-aware mobile applications (SCAMMP). J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 7(3), 77–98 (2016)

    Google Scholar 

  25. Carniani, E., Costantino, G., Marino, F., Martinelli, F., Mori, P.: Enhancing video surveillance with usage control and privacy-preserving solutions. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 7, 41–64 (2016)

    Google Scholar 

  26. Kitana, A., Traore, I., Woungang, I.: Impact study of a mobile botnet over LTE networks. J. Internet Serv. Inf. Secur. (JISIS) 6(2), 1–22 (2016)

    Google Scholar 

  27. Kim, N.Y., Shim, J., Cho, S., Park, M., Han, S.: Android application protection against static reverse engineering based on multidexing. J. Internet Serv. Inf. Secur. (JISIS) 6(4), 54–64 (2016)

    Google Scholar 

Download references

Acknowledgments

This work was supported in part by National Science Foundation of China under grant No. 61379148 and No. 61202488, and the outstanding young scholar funding of NUDT.

Author information

Authors and Affiliations

  1. College of Computer, National University of Defense Technology, No. 137, Yanwachi Street, Changsha, 410073, Hunan, China

    Chengcheng Xu, Baokang Zhao, Shuhui Chen & Jinshu Su

  2. National Key Laboratory for Parallel and Distributed Processing, National University of Defense Technology, Changsha, 410073, China

    Jinshu Su

Authors
  1. Chengcheng Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Baokang Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shuhui Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jinshu Su
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Baokang Zhao .

Editor information

Editors and Affiliations

  1. Department of Information Security Engineering, Soonchunhyang University, Chungcheongnam-do, Korea (Republic of)

    Ilsun You

  2. Tunghai University, Taichung, Taiwan

    Fang-Yie Leu

  3. Asia University, Taichung, Taiwan

    Hsing-Chung Chen

  4. SPIRAS, St. Petersburg, Russia

    Igor Kotenko

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xu, C., Zhao, B., Chen, S., Su, J. (2018). A Novel Hybrid Architecture for High Speed Regular Expression Matching. In: You, I., Leu, FY., Chen, HC., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2016. Communications in Computer and Information Science, vol 797. Springer, Singapore. https://doi.org/10.1007/978-981-10-7850-7_15

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-7850-7_15

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-7849-1

  • Online ISBN: 978-981-10-7850-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation