Deep packet inspection with DFA-trees and parametrized language overapproximation

Luchaup, Daniel; Carli, Lorenzo De; Jha, Somesh; Bach, Eric

doi:10.1109/infocom.2014.6847977

Cited by 12 publications

(13 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…More specifically, when performing DPI on realworld network traffics, a successful matching occurs very rarely. According to our experiment result, only 0.39% of 400K real-world HTTP packets result in successful matching against 500 Snort patterns, according to other researcher [4] . is 0.27%.…”

Section: Introductionsupporting

confidence: 59%

“…Fortunately, matching on these independent DFAs can be processed in parallel with the cost of more compute resources and memory bandwidth. Moreover, mDFA can be optimized by recursively grouping to CODFA-tree [4] to gain further memory cost reduction with more groups while sacrifice a little speed on average condition. Grouping the rules still may lead to lowering whole matching speed as the power of parallelism is limited.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Multi‐stride Indexing: Improve NFA for Fast and Scalable DPI

Huo

Zhang

2018

Chin. j. electron.

View full text Add to dashboard Cite

Section: Introductionsupporting

confidence: 59%

Section: Related Workmentioning

confidence: 99%

Multi‐stride Indexing: Improve NFA for Fast and Scalable DPI

Huo

Zhang

2018

Chin. j. electron.

View full text Add to dashboard Cite

“…The works closest to our NFA reduction techniques are [16] and [17]. In [16], the authors address the issue of softwarebased acceleration of matching REs describing network attacks in SNORT.…”

Section: Related Workmentioning

confidence: 99%

Deep Packet Inspection in FPGAs via Approximate Nondeterministic Automata

Češka¹,

Havlena²,

Holík³

et al. 2019

Preprint

View full text Add to dashboard Cite

Deep packet inspection via regular expression (RE) matching is a crucial task of network intrusion detection systems (IDSes), which secure Internet connection against attacks and suspicious network traffic. Monitoring high-speed computer networks (100 Gbps and faster) in a single-box solution demands that the RE matching, traditionally based on finite automata (FAs), is accelerated in hardware. In this paper, we describe a novel FPGA architecture for RE matching that is able to process network traffic beyond 100 Gbps. The key idea is to reduce the required FPGA resources by leveraging approximate nondeterministic FAs (NFAs). The NFAs are compiled into a multi-stage architecture starting with the least precise stage with a high throughput and ending with the most precise stage with a low throughput. To obtain the reduced NFAs, we propose new approximate reduction techniques that take into account the profile of the network traffic. Our experiments showed that using our approach, we were able to perform matching of large sets of REs from SNORT, a popular IDS, on unprecedented network speeds.

show abstract

“…To avoid this problem, we propose the flow collect method based on the first time series. [16], and the other deep packet inspection (DPI) [17] characteristics can also be used to represent the flows in SDN. In this system the Real-time Detection Strategy module aims to select a n-tuple features to build a robust classification.…”

Section: A System Modelmentioning

confidence: 99%

An Efficient Elephant Flow Detection with Cost-Sensitive in SDN

Xiao¹,

Qu²,

Qi³

et al. 2015

Proceedings of the 1st International Conference on Industrial Networks and Intelligent Systems

View full text Add to dashboard Cite

Abstract-The software defined networking (SDN) allows separating control and data plane, which provides better network management and higher utilization for data center network. Among these topical applications in SDN, such as traffic engineering, QoS and network management, there is significant interest on classifying the flows and predict future traffic. Classification plays an important role in SDN, especially for elephant flow detection. However, how to efficiently detect all kinds of flows with low cost still remains a challenge task in current researches. To address this issue, in this paper, we propose to introduce cost-sensitive learning method to define a real-time elephant flow detection strategy and the subsequent metric in flow detection. Then we apply our strategy to train and evaluate cost-sensitive decision trees in SDN. Extensive experiments on different settings and data sets have been performed, showing that our strategy is good at detecting elephant flow with high detection rates and low overhead.

show abstract

Deep packet inspection with DFA-trees and parametrized language overapproximation

Cited by 12 publications

References 25 publications

Multi‐stride Indexing: Improve NFA for Fast and Scalable DPI

Multi‐stride Indexing: Improve NFA for Fast and Scalable DPI

Deep Packet Inspection in FPGAs via Approximate Nondeterministic Automata

An Efficient Elephant Flow Detection with Cost-Sensitive in SDN

Contact Info

Product

Resources

About