StriFA: Stride Finite Automata for High-Speed Regular Expression Matching in Network Intrusion Detection Systems

Deep packet inspection has become a key component in network intrusion detection systems (NIDSes), where every packet in the incoming data stream needs to be compared with patterns in an attack database, byte-by-byte, using either string matching or regular expression matching. Regular expression ma...

Detailed description

Bibliographic details
Published in: IEEE systems journal 2013-09, Vol.7 (3), p.374-384
Main authors: Xiaofei Wang, Yang Xu, Junchen Jiang, Ormond, Olga, Bin Liu, Xiaojun Wang
Format: Article
Language: eng
Subjects:
container_end_page 384
container_issue 3
container_start_page 374
container_title IEEE systems journal
container_volume 7
creator Xiaofei Wang
Yang Xu
Junchen Jiang
Ormond, Olga
Bin Liu
Xiaojun Wang
description Deep packet inspection has become a key component in network intrusion detection systems (NIDSes), where every packet in the incoming data stream needs to be compared with patterns in an attack database, byte-by-byte, using either string matching or regular expression matching. Regular expression matching, despite its flexibility and efficiency in attack identification, brings significantly high computation and storage complexities to NIDSes, making line-rate packet processing a challenging task. In this paper, we present stride finite automata (StriFA), a novel finite automata family, to accelerate both string matching and regular expression matching. Different from conventional finite automata, which scan the entire traffic stream to locate malicious information, a StriFA only needs to scan a partial traffic stream to find suspicious information. The presented StriFA technique has been implemented in software and evaluated based on different traces. The simulation results show that the StriFA acceleration scheme offers an increased speed over traditional nondeterministic finite automaton/deterministic finite automaton, while at the same time reducing the memory requirement.
doi_str_mv 10.1109/JSYST.2013.2244791
format Article
fulltext fulltext_linktorsrc
identifier ISSN: 1932-8184
ispartof IEEE systems journal, 2013-09, Vol.7 (3), p.374-384
issn 1932-8184
1937-9234
language eng
recordid cdi_ieee_primary_6475958
source IEEE Electronic Library (IEL)
subjects Acceleration
Automata
Automation
Deep packet inspection (DPI)
deterministic finite automaton (DFA)
Doped fiber amplifiers
Educational institutions
Engines
Matching
Mathematical analysis
Memory management
network intrusion detection systems (NIDSes)
Networks
nondeterministic finite automaton (NFA)
Packets (communication)
Pattern matching
Software
Streams
Studies
Traffic engineering
Traffic flow
title StriFA: Stride Finite Automata for High-Speed Regular Expression Matching in Network Intrusion Detection Systems