Domenico Ficara scite author profile

Modern network devices need to perform deep packet inspection at high speed for security and application-specific services. Finite Automata (FAs) are used to implement regular expressions matching, but they require a large amount of memory. Many recent works have proposed improvements to address this issue.This paper presents a new representation for deterministic finite automata (orthogonal to previous solutions), called Delta Finite Automata (δFA), which considerably reduces states and transitions and requires a transition per character only, thus allowing fast matching. Moreover, a new state encoding scheme is proposed and the comprehensive algorithm is tested for use in the packet classification area.

show abstract

MultiLayer Compressed Counting Bloom Filters

Ficara

Giordano

Procissi

et al. 2008

View full text Add to dashboard Cite

Bloom Filters are efficient randomized data structures for membership queries on a set with a certain known false positive probability. Counting Bloom Filters (CBFs) allow the same operation on dynamic sets that can be updated via insertions and deletions with larger memory requirements. This paper first presents a new upper bound for counters overflow probability in CBFs. This bound is much tighter than that usually adopted in literature and it allows for designing more efficient CBFs. Three novel data structures are proposed, which introduce the idea of a hierarchical structure as well as the use of Huffman code. Our algorithms improve standard CBFs in terms of fast access and limited memory consumption (up to 50% of memory saving): the target could be the implementation of the compressed data structures in the small (but fast) local memory or "on-chip SRAM" of devices such as Network Processors.

show abstract

Design and Development of an OpenFlow Compliant Smart Gigabit Switch

Antichi

Pietro

Giordano

et al. 2011

View full text Add to dashboard Cite

In this paper we propose a novel hardware-software co-design vision that aims at enhancing flexibility and reusability of hardware based packet forwarding engines. In particular, we move on the path of the well-known OpenFlow architecture that allows the user to decide the action to be performed over the packet (drop, forward through a given port etc.) upon interaction with a software control plane. Although such an approach is certainly powerful and is gaining more and more attention in both academia and industry, it is biased towards routing application: its main goal is to allow the software control plane to arbitrarily route a packet flow. However, we think that a similar paradigm, encompassing high performance packet forwarding hardware driven by a flexible software control plane, may be beneficial even to other kinds of applications, like monitoring and measurements. However, the primitives that the OpenFlow protocol provides are not flexible enough for such purposes. For this reason, we propose a flexible packet forwarding architecture based on regular expression that, besides enabling standard-compliant OpenFlow switching, can be easily reconfigured through its control plane to support other kinds of applications

show abstract

Differential Encoding of DFAs for Fast Regular Expression Matching

Ficara

Pietro

Giordano

et al. 2011

IEEE/ACM Trans. Networking

View full text Add to dashboard Cite

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems

Ficara

Antichi

Pietro

et al. 2010

View full text Add to dashboard Cite

Modern network devices need to perform deep packet inspection at high speed for security and application-specific services. Instead of standard strings to represent the dataset to be matched, state-of-the-art systems adopt regular expressions, due to their high expressive power. The current trend is to use Deterministic Finite Automata (DFAs) to match regular expressions. However, while the problem of the large memory consumption of DFAs has been solved in many different ways, only a few works have focused on increasing the lookup speed. This paper introduces a novel yet simple idea to accelerate DFAs for security applications: payload sampling. Our approach allows to skip a large portion of the text, thus processing less bytes. The price to pay is a slight number of false alarms which require a confirmation stage. Therefore, we propose a double-stage matching scheme providing two new different automata. Results show a significant speed-up in regular traffic processing, thus confirming the effectiveness of the approach

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Domenico Ficara

An improved DFA for fast regular expression matching

MultiLayer Compressed Counting Bloom Filters

Design and Development of an OpenFlow Compliant Smart Gigabit Switch

Differential Encoding of DFAs for Fast Regular Expression Matching

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems

Contact Info

Product

Resources

About