Efficient Deep Packet Inspection Engines: Novel Design Opportunities

Explore the innovative design approaches for efficient Deep Packet Inspection engines discussed in this poster presentation. Learn about the speed-memory tradeoff, semi-equivalent packet classifiers, and constructing semi-equivalent DFAs to enhance the performance of DPI systems.

  • DPI
  • Packet Inspection
  • Engineering
  • Design Opportunities
  • Innovation

Presentation Transcript


  1. Poster: Novel Opportunities in Design of Efficient Deep Packet Inspection Engines. Anton Chekashev (ITMO University), Vitalii Demianiuk (Ariel University), Kirill Kogan (Ariel University).

  2. Deep Packet Inspection (DPI). Use cases: intrusion detection, data loss prevention, bandwidth management. Based on regular expressions. One of the most resource-consuming tasks.

  3. DPI: Speed-memory tradeoff. Deterministic finite automaton (DFA): lookup time: matching string length; number of states: exponential. Nondeterministic finite automaton (NFA): lookup time: matching string length * number of states; number of states: linear. HybridFA: combination of NFA and DFA.

  4. Semi-equivalent packet classifiers. Rules are disjoint if they do not match the same header. A classifier based on a subset of fields keeping rule disjointness is semi-equivalent. SIGCOMM '14 SAX-PAC: lookup is done in the semi-equivalent classifier; at most one rule is matched; complemented with a false-positive check for equivalence.

  5. Semi-equivalent DPI representations. More complex structure. Disjoint regular expressions. Anchored regular expressions: start with ^ or end with $.

  6. Semi-equivalent DFA (seDFA). Each regular expression has a separate terminal state. If an input string s is matched by a regular expression x: s leads to the terminal state corresponding to x. Otherwise: s may lead to any state.

  7. Lookup process. Matching string: acba. X = ^aa(bb|c), Y = ^(a|b|c)baa, Z = ^bc. Any method for FP-check. Combined equivalent DFA: 11 nodes.

  8. Constructing seDFA. Input: anchored disjoint set of regular expressions: X = ^aa(bb|c), Y = ^(a|b|c)baa, Z = ^bc.

  9. Step 1: Construct combined DFA.

  10. Step 2: Shrink all states leading to the same terminal.

  11. Step 2: Shrink all states leading to the same terminal.

  12. Step 3: Find a pair of non-terminals without conflicting transitions.

  13. Step 4: Shrink states in the chosen pair.

  14. Step 5: Repeat until there is no such pair.

  15. Output: seDFA.

  16. Results. Disjoint regular expressions from Snort database. [Plot; axes: No. of states, No. of regular expressions.]

  17. Future study. More efficient heuristics constructing seDFA. Non-disjoint regular expressions. Additional structural properties. Multi-group representations.

  18. Questions.

  19. Thank you for your attention! www.ifmo.ru
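
The construction on slides 8 to 15 and the lookup on slide 7, as an added Python example (not code from the poster or its authors). It is one reading of the five steps and assumes: each anchored pattern is expanded by hand into its finite string set, the combined DFA is an unminimized trie, terminals are absorbing, and step 2 folds a state into the single terminal it can still reach.

```python
import re
from itertools import combinations

# Slide 8's patterns with the finite set of strings each denotes (expanded by hand).
RULES = {"X": (r"^aa(bb|c)", ["aabb", "aac"]),
         "Y": (r"^(a|b|c)baa", ["abaa", "bbaa", "cbaa"]),
         "Z": (r"^bc", ["bc"])}

def build_sedfa(rules):
    # Step 1: combined DFA as a trie (not minimized); a state is the prefix read so far.
    delta, label = {"": {}}, {}
    for name, (_, words) in rules.items():
        for w in words:
            for i, ch in enumerate(w):
                delta[w[:i]][ch] = w[:i + 1]
                delta.setdefault(w[:i + 1], {})
            label[w] = name
    # Step 2: a state that can reach only one terminal is shrunk into that terminal.
    def reach(s):
        return {label[s]} if s in label else set().union(*map(reach, delta[s].values()))
    h = {s: next(iter(reach(s))) if len(reach(s)) == 1 else s for s in delta}
    trans = {}
    for s, out in delta.items():
        if h[s] not in rules:  # terminals are absorbing (assumption), so they need no table
            trans[s] = {c: h[t] for c, t in out.items()}
    # Steps 3-5: merge non-terminal pairs whose transitions do not conflict, until none is left.
    merged = True
    while merged:
        merged = False
        for p, q in combinations(sorted(trans), 2):  # "" sorts first: start state keeps its name
            ren = lambda t: p if t == q else t
            if all(ren(trans[p][c]) == ren(trans[q][c]) for c in trans[p].keys() & trans[q].keys()):
                trans[p] = {**trans[p], **trans.pop(q)}
                trans = {s: {c: ren(t) for c, t in out.items()} for s, out in trans.items()}
                merged = True
                break
    return trans

def candidate(trans, rules, s):
    state = ""  # run the seDFA; result is the terminal reached (candidate rule) or None
    for ch in s:
        if state in rules or state is None:
            break
        state = trans[state].get(ch)
    return state if state in rules else None

def classify(trans, rules, s):
    # seDFA lookup, then the false-positive check against the single candidate regex
    c = candidate(trans, rules, s)
    return c if c and re.match(rules[c][0], s) else None
```

Under these assumptions the result has two non-terminal states plus the three terminals, and the slide-7 string acba reaches Z's terminal in the seDFA but is rejected by the FP check.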
