Abstract
Deep packet inspection at high speed has become extremely important due to its applications in network services. In deep packet inspection applications, regular expressions have gradually taken the place of explicit string patterns for its powerful expression ability. Unfortunately, the requirements of memory space and bandwidth using traditional methods are prohibitively high. In this paper, we propose a novel scheme of deep packet inspection based on non-uniform distribution of network traffic. The new scheme separates a set of regular expressions into several groups with different priorities and compiles the groups attaching different priorities with different methods. When matching, the scanning sequence of rules is consistent with their priorities. The experiment results show that the proposed protocol recognition performs 10 to 30 times faster than the traditional NFA-based approach and hold a reasonable memory requirement.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Sidhu, R., Prasanna, V.K.: Fast Regular Expression Matching using FPGAs. In: The 9th Annual IEEE Symposium on FCCM (2001)
Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection. In: ACM SIGCOMM, Pisa (2006)
Becchi, M., Crowley, P.: An Improved Algorithm to Accelerate Regular Expression Evaluation. In: ANCS, Orlando (2007)
Yu, F., Chen, Z., Diao, Y., Lakshman, T.V., Katz, R.H.: Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection. In: ANCS, California (2006)
Qian, X., Yue-Peng, E., Ge, J.-G., Qian, H.-L.: Efficient Regular Expression Compression Algorithm for Deep Packet Inspection. Journal of Software 20(08), 2214–2226 (2009)
Huiping, F., Lei, X., Shuhui, C., Gaoping, H.: Speed Up on Application Protocol Recognition Using Regular Expression. Journal of Computer Research and Development 45( Suppl.), 438–443 (2008)
Fang, W., Peter, L.: Inter-AS Traffic Patterns and Their Implications. In: IEEE Global Telecommunications Conference, vol. 3, pp. 1859–1868 (1999)
Levandoski, J., Sommer, E., Strait, M.: Application Layer Packet Classifier for Linux, http://l7-filter.sourceforge.net/
Becchi, M., Crowley, P.: A Hybrid Finite Automaton for Practical Deep Packet Inspection. In: coNEXT, New York (December 2007)
Bro Intrusion Detection System, http://bro-ids.org/Overview.html
Snort Network Intrusion Detection System, http://www.snort.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, C., Wang, F., Lin, F., Guo, S., Gong, B. (2011). Fast Protocol Recognition by Network Packet Inspection. In: Lu, BL., Zhang, L., Kwok, J. (eds) Neural Information Processing. ICONIP 2011. Lecture Notes in Computer Science, vol 7063. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24958-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-24958-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24957-0
Online ISBN: 978-3-642-24958-7
eBook Packages: Computer ScienceComputer Science (R0)