SSE Instruction and Block Predetermination-Based Automaton Optimization

  • Tianlong Yang
  • Hongli Zhang
  • Xiaolong Cao
  • Zhihong Tian
  • Mahmoud T. Qassrawi
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 238)


Techniques to decrease the memory requirements of large pattern sets for an intrusion detection system (IDS), block predetermination, and block matching based on a self-balancing binary search tree (AVL) are defined in this chapter. By introducing SSE instructions, the new DFA matching system can increase matching efficiency compared to the standard AC implementation. For illustration, a number of tests using patterns of different lengths or different numbers of patterns were run to show how many DFA states and how much memory the design can save. Empirical results show that, at best, an SSE-AVL-based implementation of DFA can save about 98% of the memory used by a common DFA when using randomly generated patterns. The hybrid of block DFA and common character DFA can effectively suppress memory requirements, and with the help of block predetermination with two-level AVL filtration and SSE instructions, the matching speed is better than that of standard AC in the single-process case.


Keywords: Graphic Processing Unit; Memory Usage; Intrusion Detection System; String Match; Block Match



This work is partially supported by the National Grand Fundamental Research 973 Program of China (Grant No. 2011CB302605); the National Natural Science Foundation of China (Grant No. 61173145); High-Tech Research and Development Plan of China (Grant No. 2010AA012504, 2011AA010705). I really appreciate K.A. Poulin’s and Louis Petker’s help for the 2 days’ work correcting this chapter. I hope they can recover from illness. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.



Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Tianlong Yang (1)
  • Hongli Zhang (1)
  • Xiaolong Cao (1)
  • Zhihong Tian (1)
  • Mahmoud T. Qassrawi (1)

  1. Computer Science and Technology College, Computer Network and Information Security Technology Research Center, Harbin Institute of Technology, Harbin, China
