A memory efficient DFA using compression and pattern segmentation

Yeim Kuan Chang, Yuen Shuo Li, Yu To Chen

Research output: Contribution to journalConference articlepeer-review

4 Citations (Scopus)

Abstract

The role of network security systems such as network intrusion detection system (NIDS) has become more important. The regular expression (a.k.a. regex) matching algorithm used for inspecting the payloads of packets is one of the most intensive tasks in NIDS. When multiple regular expressions are processed together, the corresponding Deterministic Finite Automata (DFA) becomes so complicated and needs a large amount of memory. In this paper, we propose a memory efficient parallel compatible DFA algorithm that uses the techniques of compression and pattern segmentation to reduce the memory usage. Extended from PFAC (Parallel Failureless-AC) algorithm4, the proposed compressed and segmented DFA (CSDFA) needs less numbers of states and transitions than δFA. Without considering the leading symbols "." in the regular expressions, the transition table can be compressed very efficiently by the run-length encoding. The number of transitions in CSDFA is about a half of the transitions needed in δFA, and uses only 74% of the memory consumed by δFA. Based on our experiments, the throughput of the proposed CSDFA is also much better than δFA.

Original languageEnglish
Pages (from-to)292-299
Number of pages8
JournalProcedia Computer Science
Volume56
Issue number1
DOIs
Publication statusPublished - 2015
Event29th European Conference on Solid-State Transducers, EUROSENSORS 2015; Freiburg; Germany; 6 September 2015 through 9 September 2015. - Freiburg, Germany
Duration: 2015 Sept 62015 Sept 9

All Science Journal Classification (ASJC) codes

  • General Computer Science

Fingerprint

Dive into the research topics of 'A memory efficient DFA using compression and pattern segmentation'. Together they form a unique fingerprint.

Cite this