Abstract
This paper proposes a memory-efficient bit-split string matching scheme for deep packet inspection (DPI). When the number of target patterns becomes large, the memory requirements of the string matching engine become a critical issue. The proposed string matching scheme reduces the memory requirements using the uniqueness of the target patterns in the deterministic finite automaton (DFA)-based bit-split string matching. The pattern grouping extracts a set of unique patterns from the target patterns. In the set of unique patterns, a pattern is not the suffix of any other patterns. Therefore, in the DFA constructed with the set of unique patterns, when only one pattern can be matched in an output state. In the bit-split string matching, multiple finite-state machine (FSM) tiles with several input bit groups are adopted in order to reduce the number of stored state transitions. However, the memory requirements for storing the matching vectors can be large because each bit in the matching vector is used to identify whether its own pattern is matched or not. In our research, the proposed pattern grouping is applied to the multiple FSM tiles in the bit-split string matching. For the set of unique patterns, the memory-based bit-split string matching engine stores only the pattern match index for each state to indicate the match with its own unique pattern. Therefore, the memory requirements are significantly decreased by not storing the matching vectors in the string matchers for the set of unique patterns. The experimental results show that the proposed string matching scheme can reduce the storage cost significantly compared to the previous bit-split string matching methods.
Highlights
Nowadays, one of the most powerful methods of ensuring network security and quality of service (QoS) is deep packet inspection (DPI), in which the payloads are analyzed to determine whether target patterns are PLOS ONE | DOI:10.1371/journal.pone.0126517 May 4, 2015A Memory-Efficient Bit-Split String Matching Using Pattern Uniqueness study design, data collection and analysis, decision to publish, or preparation of the manuscript
This paper proposes a memory-efficient deterministic finite automaton (DFA)-based string matching scheme that reduces the memory requirements by not storing the matching vectors
Four sets of target patterns denoted as backdoor, deleted, spyware, and web-client were extracted from the Snort v2.8 rules [11]
Summary
A Memory-Efficient Bit-Split String Matching Using Pattern Uniqueness study design, data collection and analysis, decision to publish, or preparation of the manuscript. The description of the pattern uniqueness based on the ASCII character input is shown. The concept of the pattern uniqueness in the bit-split string matching is explained with several examples. In the DFA-based string matching technique, the information used for representing which patterns are matched should be provided for each state. In this case, the memory requirements for storing the information can depend on the uniqueness of the patterns in a set. A non-unique pattern is defined as follows: Definition 1. For the sequence of input symbols, the non-unique pattern can be the suffix of other patterns, or other patterns can be the suffixes of the non-unique pattern in the set with non-unique patterns
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
