Skip to main content
SpringerLink
Log in

An improved method in deep packet inspection based on regular expression

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

The continuous development of Internet technology makes the network intrusion detection technology get more and more attention. Deep packet inspection technology as an effective network intrusion detection technology can play a huge role in network security. Deep packet inspection technology is a kind of network intrusion detection technology applied to the application layer in detail, rather than only detecting the port information of the packet. The regular expression matching technology is a key technology in deep packet inspection because of the rich semantics and flexibility of regular expressions. However, a huge number of transfer edges exist when the matching algorithm is being applied, which will lead to an increase in memory usage of the algorithm. In this paper, we propose an improved method of concatenating transfer edges. By using character interval, several consecutive characters are represented by character intervals, which can reduce the number of transfer edges effectively. In addition, a comparison experiment is given to compare the two methods which are before and after the improvement. It shows that the number of transfer edges can be reduced to 10% of that before improvement and the efficiency of deep packet inspection is improved.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11

Similar content being viewed by others

References

  1. Yin C, Feng L, Ma L (2016) An improved Hoeffding-ID data-stream classification algorithm. J Supercomput 72(7):2670–2681

    Article  Google Scholar 

  2. Gu B, Sun X, Sheng VS (2017) Structural Minimax Probability Machine. IEEE Trans Neural Netw Learn Syst 28(7):1646–1656

    Article  MathSciNet  Google Scholar 

  3. Yin C, Zhang S (2017) Parallel implementing improved k-means applied for image retrieval and anomaly detection. Multimed Tools Appl 76(16):16911–16927

    Article  Google Scholar 

  4. Wang J, Zhang Z, Li B, Lee S, Sherratt R (2014) An enhanced fall detection system for elderly person monitoring using consumer home networks. IEEE Trans Consum Electron 60(1):23–29

    Article  Google Scholar 

  5. Yin C, Xi J, Sun R, Wang J (2017) Location privacy protection based on differential privacy strategy for big data in industrial internet-of-things. IEEE Trans Ind Inform PP(99):1–1. https://doi.org/10.1109/TII.2017.2773646

    Article  Google Scholar 

  6. Fu Z, Ren K, Shu J, Sun X, Huang F (2016) Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Trans Parallel Distrib Syst 27(9):2546–2559

    Article  Google Scholar 

  7. Keegan N, Ji SY, Chaudhary A, Concolato C, Yu B, Jeong DH (2016) A survey of cloud-based network intrusion detection analysis. Human-centric Comput Inf Sci 6(1):19

    Article  Google Scholar 

  8. Rathod SB, Reddy VK (2017) Ndynamic framework for secure vm migration over cloud computing. J Inf Process Syst 13(3):476–490

    Google Scholar 

  9. Iuga C, Nurse JR, Erola A (2016) Baiting the hook: factors impacting susceptibility to phishing attacks. Human-centric Comput Inf Sci 6(1):8

    Article  Google Scholar 

  10. Antonello R, Fernandes S, Sadok D, Kelner J, Szabó G (2015) Design and optimizations for efficient regular expression matching in DPI systems. Comput Commun 61:103–120

    Article  Google Scholar 

  11. Yin C, Xia L, Zhang S, Sun R, Wang J (2017) Improved clustering algorithm based on high-speed network data stream. Soft Comput 22(13):4185–4195

    Article  Google Scholar 

  12. Ma T, Zhang Y, Cao J, Shen J, Tang M, Tian Y, Al-Rodhaan M (2015) KDVEM: a k-degree anonymity with vertex and edge modification algorithm. Computing 97(12):1165–1184

    Article  MathSciNet  MATH  Google Scholar 

  13. Gu B, Sheng VS, Tay KY, Romano W, Li S (2015) Incremental support vector learning for ordinal regression. IEEE Trans Neural Netw Learn Syst 26(7):1403–1416

    Article  MathSciNet  Google Scholar 

  14. Gu B, Sheng VS (2017) A robust regularization path algorithm for v-support vector classification. IEEE Trans Neural Netw Learn Syst 28(5):1241–1248

    Article  Google Scholar 

  15. Gai K, Qiu M, Hassan H (2017) Secure cyber incident analytics framework using Monte Carlo simulations for financial cybersecurity insurance in cloud computing. Concurr Comput Pract Exp 29(7):e3856

    Article  Google Scholar 

  16. Chen L, Qiu M, Song J, Xiong Z, Hassan H (2018) E2FS: an elastic storage system for cloud computing. J Supercomput 74(3):1045–1060

    Article  Google Scholar 

  17. Jiang J, Wen S, Yu S, Xiang Y, Zhou W, Hassan H (2017) The structure of communities in scale-free networks. Concurr Comput Pract Exp 29(14):e4040

    Article  Google Scholar 

  18. Kim J, Chung D, Ko I (2017) A climbing motion recognition method using anatomical information for screen climbing games. Human-centric Comput Inf Sci 7(1):25

    Article  Google Scholar 

  19. Kim YG, Kim DH, Lee EK (2017) Designing test methods for IT-enabled energy storage system to evaluate energy dynamics. J Inf Process Syst 13(6):1487–1495

    Google Scholar 

  20. Mu K, Hui F, Zhao X (2016) Multiple vehicle detection and tracking in highway traffic surveillance video based on SIFT feature matching. J Inf Process Syst 12(2):183–195

    Google Scholar 

  21. Bujlow T, Carela-Español V, Barlet-Ros P (2015) Independent comparison of popular DPI tools for traffic classification. Comput Netw 76:75–89

    Article  Google Scholar 

  22. Kumar S, Dharmapurikar S, Yu F, Crowley P, Turner J (2006) Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In: ACM SIGCOMM Computer Communication Review, pp 339–350

  23. Kong S, Smith R, Estan C (2008) Efficient signature matching with multiple alphabet compression tables. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, p 1

  24. Becchi M, Crowley P (2007) An improved algorithm to accelerate regular expression evaluation. In: Proceedings of the 3rd ACM/IEEE Symposium on Architecture for Networking and Communications Systems, pp 145–154

  25. Liu X, Liu X, Sun N (2011) Fast and compact regular expression matching using character substitution. In: Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems, pp 85–86

  26. Luchaup D, Smith R, Estan C, Jha S (2011) Speculative parallel pattern matching. IEEE Trans Inf Forensics Secur 6(2):438–451

    Article  Google Scholar 

  27. Becchi M, Crowley P (2007) A hybrid finite automaton for practical deep packet inspection. In: Proceedings of the 2007 ACM CoNEXT Conference

  28. Bando M, Artan N S, Chao H J (2009) LaFA: lookahead finite automata for scalable regular expression detection. In: Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, pp 40–49

  29. Bremler-Barr A, David S T, Harchol Y, Hay D (2015) Leveraging traffic repetitions for high-speed deep packet inspection. In: IEEE Conference on Computer Communications, pp 2578–2586

  30. Medhane DV, Sangaiah AK (2018) PCCA: position confidentiality conserving algorithm for content-protection in e-governance services and applications. IEEE Trans Emerg Top Comput Intell 2(3):194–203

    Article  Google Scholar 

  31. Medhane DV, Sangaiah AK (2017) ESCAPE: effective scalable clustering approach for parallel execution of continuous position-based queries in position monitoring applications. IEEE Trans Sustain Comput 2(2):49–61

    Article  Google Scholar 

  32. Sangaiah AK, Karuppiah M, Li X (2017) Wireless and mobile networks: security and privacy issues. J Electr Comput Eng. https://doi.org/10.1155/2017/5174073

    Article  Google Scholar 

  33. Cheng CH, Chen YS, Sangaiah AK, Su YH (2018) Evidence-based personal applications of medical computing models in risk factors of cardiovascular disease for the middle-aged and elderly. Pers Ubiquit Comput. https://doi.org/10.1007/s00779-018-1172-z

    Article  Google Scholar 

  34. Wu F, Li X, Sangaiah AK, Xu L, Kumari S, Wu L, Shen J (2018) A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Gener Comput Syst 82:727–737

    Article  Google Scholar 

  35. Zeng D, Dai Y, Li F, Sherratt RS, Wang J (2018) Adversarial learning for distant supervised relation extraction. Comput Mater Contin 55(1):121–136

    Google Scholar 

  36. Tu Y, Lin Y, Wang J, Kim JU (2018) Semi-supervised learning with generative adversarial networks on digital signal modulation classification. Comput Mater Contin 55(2):243–254

    Google Scholar 

  37. Gao Y, Wang Y, Qin MY, Pu YJ, Wang Z, Fu ZC (2017) DPI & DFI: a malicious behavior detection method combining deep packet inspection and deep flow inspection. Proc Eng 174:1309–1314

    Article  Google Scholar 

  38. Afek Y, Bremler-Barr A, Harchol Y, Hay D, Koral Y (2016) Making DPI engines resilient to algorithmic complexity attacks. IEEE/ACM Trans Networking 24(6):3262–3275

    Article  Google Scholar 

Download references

Acknowledgements

This work was funded by the National Natural Science Foundation of China (61772282, 61772454, 61402234, and 61811530332). It was also supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD), Postgraduate Research & Practice Innovation Program of Jiangsu Province (KYCX17_0901) and Jiangsu Collaborative Innovation Center on Atmospheric Environment and Equipment Technology (CICAEET). It was also funded by the open research fund of Key Lab of Broadband Wireless Communication and Sensor Network Technology (Nanjing University of Posts and Telecommunications), Ministry of Education. Professor Jin Wang is the corresponding author.

Author information

Authors and Affiliations

  1. School of Computer and Software, Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science and Technology, Nanjing, 210044, China

    Ruxia Sun, Lingfeng Shi & Chunyong Yin

  2. School of Computer and Communication Engineering, Changsha University of Science and Technology, Changsha, 410004, China

    Jin Wang

Authors
  1. Ruxia Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lingfeng Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chunyong Yin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jin Wang.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sun, R., Shi, L., Yin, C. et al. An improved method in deep packet inspection based on regular expression. J Supercomput 75, 3317–3333 (2019). https://doi.org/10.1007/s11227-018-2517-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-018-2517-0

Keywords

Search

Navigation