1 / 9

SRD-DFA Achieving Sub-Rule Distinguishing with Extended DFA Structure

SRD-DFA Achieving Sub-Rule Distinguishing with Extended DFA Structure. Author: Gao Xia , Xiaofei Wang , Bin Liu Publisher : IEEE DASC ( International Conference on Dependable, Autonomic and Secure Computing ) 2009 Presenter : Sih -An Pan Date : 2014/08/13.

devon
Download Presentation

SRD-DFA Achieving Sub-Rule Distinguishing with Extended DFA Structure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SRD-DFA Achieving Sub-Rule Distinguishing with Extended DFA Structure Author: Gao Xia, Xiaofei Wang, Bin Liu Publisher: IEEE DASC (International Conference on Dependable, Autonomic and Secure Computing) 2009 Presenter: Sih-An Pan Date: 2014/08/13 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

  2. Introduction • To achieve high throughput, multiple regular expressions are combined and compiled into one DFA, which leads to two problems: • State explosion of the DFA • Sub-rule distinguishing in the combined ruleset • Thecombined and minimized DFA can not identify which one or multiple sub-rules are matched when the DFA arrives at some final state. National Cheng Kung University CSIE Computer & Internet Architecture Lab

  3. METHODOLOGY • Traditionally, these regular expressions are combined as aa*ba|ab*ba|ba*ba. Then after NFA construction, DFA generation and minimization, the final built DFA is in Fig. 2. • It is necessary to construct a DFA such as the one in Fig. 3, which is sub-rule distinguishable. National Cheng Kung University CSIE Computer & Internet Architecture Lab

  4. NFA Construction (Algorithm 1): National Cheng Kung University CSIE Computer & Internet Architecture Lab

  5. Converting NFA to DFA (Algorithm 2): National Cheng Kung University CSIE Computer & Internet Architecture Lab

  6. National Cheng Kung University CSIE Computer & Internet Architecture Lab

  7. DFA Minimization (Algorithm 3): National Cheng Kung University CSIE Computer & Internet Architecture Lab

  8. EVALUATION • Compared to the minimized DFAs, SRD-DFAs only increase the number of states by no more than 8.4%, for both the L7-filter and Snort rulesets National Cheng Kung University CSIE Computer & Internet Architecture Lab

  9. EVALUATION • Another slot of results given in Table II shows the maximal throughput with the per-rule execution implementation and our SRD-DFA based implementation. • Compared with the baseline method of sub-rules distinguishing, our method obtains 8 to 14 times higher throughput, which is significant enough for real deployment considering its limited cost. National Cheng Kung University CSIE Computer & Internet Architecture Lab

More Related