1 / 14

Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata

Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata. Date:101/3/21 Publisher:SIGCOMM 08 Author: Randy Smith Cristian Estan Somesh Jha Shijin Kong Ioannidis Presenter : Shi- qu Yu. Introduction.

glenda
Download Presentation

Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata Date:101/3/21 Publisher:SIGCOMM 08 Author:RandySmith CristianEstanSomeshJhaShijinKongIoannidis Presenter : Shi-qu Yu

  2. Introduction • Regular expressions are typically implemented as either deterministic finite automata (DFAs) or nondeterministic finite automata (NFAs). Like strings, DFAs are fast and can be readily combined. However, for many common signatures their combination exhibits an explosion in the state space

  3. UNDERSTANDING STATE EXPLOSION

  4. Eliminating Ambiguity Through Auxiliary Variables • Theorem 1. Let D1 and D2 be DFAs with D1+D2 their standard product combination. If D1 and D2 are unambiguous, then |D1 + D2| < |D1| + |D2|, where |D| is the number of states in D. • Theorem 2. If D1 and D2 are unambiguous, then D1 + D2 is unambiguous.

  5. XFA • XFA Construction[31] • Combining XFAs • Matching to Input

  6. OPTIMIZATION • Exposing Runtime Information • Combining Independent Variables • Code Motion and Instruction Merging

  7. Combining Independent Variables • Dataflow Analysis • Compatibility Analysis

  8. Dataflow Analysis • Definition 2. Let Q be the set of states containing a set operation for counter C. Then, C is active at state S if there is at least one sequence of input symbols forming a path of states from a state in Q to S in which no state in the path contains a reset operation for C. Otherwise C is inactive.

  9. Compatibility Analysis • Two counters can be reduced to one if they are compatible at all states in the automaton

  10. Combining Independent Variables

  11. Dataflow Analysis • A stream is a sequence of operations that execute in order. • While the stream is executing, the CPU is able to collect the next batch of packets.

  12. EXPERIMENTAL EVALUATION • Data Set:XFAs on FTP, SMTP, and HTTP signatures from Snort [28] and Cisco Systems. • CPU:3.0 GHz Pentium 4

More Related