Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CONEXT
2007
ACM
2007
ACM
A hybrid finite automaton for practical deep packet inspection
Deterministic finite automata (DFAs) are widely used to perform regular expression matching in linear time. Several techniques have been proposed to compress DFAs in order to reduce memory requirements. Unfortunately, many realworld IDS regular expressions include complex terms that result in an exponential increase in number of DFA states. Since all recent proposals use an initial DFA as a startingpoint, they cannot be used as comprehensive regular expression representations in an IDS. In this work we propose a hybrid automaton which addresses this issue by combining the benefits of deterministic and non-deterministic finite automata. We test our proposal on Snort rule-sets and we validate it on real traffic traces. Finally, we address and analyze the worst case behavior of our scheme and compare it to traditional ones. Categories and Subject Descriptors C.2.0 [Computer Communication Networks]: General
Real-time TrafficComputer Networks | CONEXT 2007 | Deterministic Finite Automata | Finite Automata | Regular Expressions |
Related Content
| Added | 14 Aug 2010 |
| Updated | 14 Aug 2010 |
| Type | Conference |
| Year | 2007 |
| Where | CONEXT |
| Authors | Michela Becchi, Patrick Crowley |
Comments (0)
Researcher Info
|
