By Topic

A DFA with Extended Character-Set for Fast Deep Packet Inspection

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)

Deep packet inspection (DPI), based on regular expressions, is expressive, compact, and efficient in specifying attack signatures. We focus on their implementations based on general-purpose processors that are cost-effective and flexible to update. In this paper, we propose a novel solution, called deterministic finite automata with extended character-set (DFA/EC), which can significantly decrease the number of states through slightly extending the character-set. Different from existing state reduction algorithms, our solution requires only a single memory access for each byte in the traffic payload, which is the minimum. We perform experiments with the Snort rule-sets. Results show that, compared to DFA, a DFA/EC can be over four orders of magnitude smaller, has smaller memory bandwidth, and runs faster. We believe that DFA/EC will lay a groundwork for a new type of state compression technique in fast packet inspection.

Published in:

Parallel Processing (ICPP), 2011 International Conference on

Date of Conference:

13-16 Sept. 2011