Improved deep packet inspection in data stream detection

  • Chunyong Yin
  • Hongyi Wang
  • Xiang Yin
  • Ruxia Sun
  • Jin Wang


Finite state automata are widely used in firewalls, data detection and content audit systems to match complex sets of regular expressions against network packets. However, with the continuous increase in the types of network content and network traffic in recent years, deep packet inspection systems based on finite state automata need regular expression engines that consume less memory and run faster. This paper analyzes the features and problems of finite state automata and improves non-deterministic finite automata (NFA) by reducing conversion edges in order to lower memory usage. Experimental results on a real-world dataset show that memory usage is reduced by more than half.


Regular expression, NFA, Conversion edges, Deep packet inspection



This work was funded by National Natural Science Foundation of China (61772282, 61772454, 6171101570). It was also supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD), Postgraduate Research and Practice Innovation Program of Jiangsu Province (KYCX17_0901), Natural Science Foundation of Jiangsu Province (BK20150460) and Jiangsu Collaborative Innovation Center on Atmospheric Environment and Equipment Technology (CICAEET). It was also funded by the open research fund of Key Lab of Broadband Wireless Communication and Sensor Network Technology (Nanjing University of Posts and Telecommunications), Ministry of Education.



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. School of Computer and Software, Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science and Technology, Nanjing, China
  2. College of Information Engineering, Yangzhou University, Yangzhou, China
  3. School of Computer and Communication Engineering, Changsha University of Science and Technology, Changsha, China
