共查询到17条相似文献,搜索用时 140 毫秒
1.
基于确定性有限自动机(DFA)的传统正则表达式匹配方法存在单周期处理单字符的速度瓶颈。为提升处理速率,提出一种单周期处理多字符的匹配算法MC-DFA,该算法基于DFA实现,支持匹配位置的精确定位。MC-DFA将传统DFA中的单字符跳转合并为多字符跳转,实现了单周期处理多个输入字符。通过状态转移矩阵二阶压缩算法,MC-DFA分别对矩阵行内以及行间冗余进行消除,减少了内存使用。300条规则下,单周期处理8字符时,MC-DFA吞吐率能够达到7.88Gb/s,内存占用小于6MB,预处理时间为19.24s。实验结果表明,MC-DFA能够有效提升系统吞吐率,并且保证内存占用在可接受范围之内,性能优于现有正则表达式匹配算法。 相似文献
2.
递归数据流匹配算法(RFC)是一种高性能包匹配算法.但随着规则库中规则维数的增长以及规模的增加,必将使系统内存消耗殆尽.对RFC进行改进以减少内存消耗,把规则库分成几个子集,每个规则存储在一个独立的子集中.采用多种方法对RFC数据结构进行精简,进一步改善算法的速度和内存性能.实验结果表明,该改进算法大大降低了RFC总体内存消耗,极大提高了包匹配的计算性能. 相似文献
3.
对网络入侵检测系统(NIDS)中复杂正则表达式匹配电路进行改进和优化。为达到最大吞吐量和最小的单位字符占用资源量,设计利用预译码、前缀树、规则分组、并行处理等方法进行结构优化。实验结果表明,改进后的电路结构提高了约47%匹配速度,缩减了约39%的电路面积,具有较低的资源占用和更广泛的适用性。 相似文献
4.
正则表达式具有强大的描述能力,在计算机领域,正则表达式匹配技术应用十分广泛。目前,已经有多个正则表达式匹配引擎,在实际应用中,对于不同的匹配规则集和正则语法,不同的匹配引擎会有不同的性能表现。本文通过对PCRE、Greta、Boost、RE2四种常用正则表达式匹配引擎的性能测试,给出在不用的正则语法情况下的匹配速度,并深入分析不同坏境下适用的正则表达式匹配引擎。对实际系统设计中正则表达式库的选择有指导意义。 相似文献
5.
随着网络应用的多样化,各种网络流量不断复杂化、多样化,各种网络安全事故频发.网络流量的分布不均匀以及网络安全状况的复杂使得互联网急需管理和维护,网络流量的监控问题变得尤为重要.流量识别作为一种能够自动、实时保障网络监控的技术,成为防火墙一类静态安全设备的必要补充,越来越受到人们的重视.深度包监测(DPI)技术以其识别的准确性成为应用越来越广泛的识别技术.然而单纯的软件实现系统监测速度较慢,不能满足网络高速数据包处理的吞吐量要求.单纯的硬件识别知识库会占用大量内存,一般的硬件内存达不到要求.单纯的软件识别效率又不能满足越来越大的网络吞吐量需求.这种情况下,文章研究了一种基于正则表达式的软硬件结合系统实现方法,该方法的主要思想是硬件识别网络常见协议,软件识别复杂的网络协议,且两者都支持正则表达式.这种方法兼具软件与硬件实现的优点,与传统的软件实现相比,在识别效率方面有明显提高. 相似文献
6.
针对在生物信息网络中对复杂和大规模的数据集进行挖掘时所出现的算法挖掘精度低、运行速度慢、内存占用大等问题,提出一种基于关联规则映射的生物信息网络多维数据挖掘算法.该算法结合网络数据集之间的关联映射关系,从而确定网络数据集的关联规则,并引入挖掘因子和相对误差来提高算法的挖掘精度;根据多维子空间中数据集之间的关联程度进行子空间区分以及子空间内数据集区分,从而实现对不同数据集的有效挖掘.在实验中,对不同数据集数量下的算法内存占用情况、算法挖掘精度、算法运行时间进行仿真,从实验结果可以看出基于关联规则映射的挖掘算法可以有效地提高挖掘精度,在减少内存占用和提升计算速度上也具有一定的优势. 相似文献
7.
正则表达式方程组的最小解 总被引:1,自引:1,他引:0
网络安全检测中,正则表达式匹配是深度包检测的主要手段,匹配算法则是其关键技术。目前,正则表达式匹配算法可以大体分为转换压缩、状态压缩和字母表压缩三类。文章讨论正则表达式方程组最小解及其求解算法,证明了正则表达式方程组的最小解的存在性和基于Gauss消元法的求解算法的正确性,给出了最小解的构造,分析了求解算法的时间复杂度... 相似文献
8.
9.
正则表达式具有编写简单和描述能力强的特点,在报文深度内容检测中得到了广泛应用。但是,由于处理复杂,基于软件的正则表达式匹配的实现难以满足大流量下报文的内容检测。本文首先对实现正则表达式匹配的多模式确定有限自动机(MPDFA)方法进行研究,并基于该方法提出基于硬件实现报文正则表达式匹配的微引擎结构。最后,给出了我们基于AlteraCycloneIIFPGA实现的报文深度内容检查实现方案。其核心是四个实现正则表达式匹配的微引擎。测试表明,通过四个微引擎的并行处理可实现千兆以太网接口报文的线速内容检查。 相似文献
10.
当前深度包检测算法通常需要将正则表达式转换为NFA或者DFA.但是随着网络带宽的不断增加.NFA和DFA状态占用的存储空间越来越大,极大地考验着系统的存储能力。为了应对这个问题.提出一种基于正则表达式相性的分组算法来对表达式进行分组,实验证明该算法能减少NFA和DFA状态的数量,提高匹配的效率。 相似文献
11.
《Computer Standards & Interfaces》2014,36(5):880-888
A key technique of network security inspection is by using the regular expression matching to locate the specific fingerprints of networking applications or attacks in the packet flows, and accordingly identify the underlying applications or attacks. However, due to the surge of various networking applications and attacks in recent years, even more fingerprints need to be investigated in this process, which leads to a high demand on a large memory space for regular expression matching. In addition, with the frequent upgrading of the network links nowadays, the network flow rate also increases dramatically. As a result, it demands the fast operation of regular expression matching accordingly with the enhanced throughput for network inspection. However, due to the limited space of the fast memory, the requirements on fast operations and large memory space are conflicting. On addressing this challenge, in this paper, we propose to use hybrid memory for regular expression matching. In specific, by investigating on the transition table state access probability through the Markov theory, it can be observed that there exist a number of states which are much more frequently accessed than others. Therefore, we devise a matching engine which is suitable for FPGA implementation with two-level memories, where the first-level memory uses the on-chip memory of FPGA to cache the frequently accessed state transitions, and the second-level memory, composed of slow and cheap DRAM, stores the whole state transitions. Furthermore, the L7-filter's regular expression patterns have been applied to obtain the state access probability, and different quantities of memory assignment approaches have also been investigated to evaluate the throughput. 相似文献
12.
随着网络带宽的日益增长,病毒和非法信息的形式越来越多,网络安全系统处理的压力越来越大。多串匹配算法作为大部分网络安全系统中的核心扫描部分其性能尤为重要。从微处理器体系结构的角度,用模拟的方法分析了SBOM、AC、WM等三种精确多串匹配算法在大规模规则库的情况下,其性能影响的各种因素,特别是其访存行为特征,并从算法原理上解释了访存性为是如何被影响的。指出当规则库规模增到5 000时,由Cache失效引起的性能损失占全部开销的近10%,而且比重随着规则库规模增大而继续变大。 相似文献
13.
安全代理被越来越多的互联网用户用于规避网络审查和访问受限资源,因此安全代理流量的分类对于网络安全和网络管理具有重要意义。为弥补深度包检测技术在过滤和识别不良信息上的不足,提高防火墙流量探测能力,提出一种安全代理流量分类方法。提取用于安全代理流量分类的侧信道特征,包括有效载荷长度序列、信号序列等,使用机器学习和深度学习算法对Shadowsocks、V2Ray、Freegate、Ultrasurf 4种被广泛使用的安全代理流量进行识别。实验结果表明,通过提取与有效载荷内容无关的侧信道特征进行分类,与MLP、LSMP等算法相比,该方法在准确率、F1值等性能方面均有提升。 相似文献
14.
15.
Inspection engines that can inspect network content for application-layer information are urgently required. In-depth packet inspection engines, which search the whole packet payload, can identify the interested packets that contain certain patterns. Network equipment then utilizes the searching results from the inspection engines for application-oriented management. The most important technology for fast packet inspection is an efficient multi-pattern matching algorithm to perform exact string matching between packets and a large set of patterns. This paper proposes a novel hierarchical multi-pattern matching algorithm (HMA) for packet inspection. HMA builds hierarchical index tables from the most frequent common-codes, and efficiently reduces the amount of external memory accesses and memory space by two-tier and cluster-wise matching. Analysis and simulation results reveal that HMA performs much better than state-of-the-art matching algorithms. In particular, HMA can update patterns incrementally, thus creating a reliable network system. 相似文献
16.
Signature-based intrusion detection is required to inspect network traffic at wire-speed. Matching packet payloads against patterns specified with regular expression is a computation intensive task. Hence, the design of hardware accelerator to speed up regular expression matching has been an active research area. A systematic approach to detect regular expression is based on finite automaton. The space-time trade-off between deterministic finite automaton (DFA) and non-deterministic finite automaton (NFA) is well-known. DFA can offer constant throughput but it may suffer from the state explosion problem. Hence, implementation of DFA for large pattern sets on embedded device with limited on-chip memory may not be viable. NFA requires linear space but the throughput can be very low. Implementations of NFA with hardwired circuits can overcome the speed deficiency by exploiting the massive parallelism offered by dedicated hardware circuitries, but this approach does not support efficient dynamic updates. In this paper, we shall present a memory-based architecture for the implementation of NFA to speed up regular expression matching for signature-based intrusion detection. The proposed method supports dynamic updates and offers constant throughput so that it can be used to supplement the existing DFA-based methods in handling large pattern sets. 相似文献