| 一种基于深度报文检测的FSM状态表压缩技术 |
| |
| 引用本文: | 陈曙晖,苏金树,范慧萍,侯婕.一种基于深度报文检测的FSM状态表压缩技术[J].计算机研究与发展,2008,45(8). |
| |
| 作者姓名: | 陈曙晖 苏金树 范慧萍 侯婕 |
| |
| 作者单位: | 国防科学技术大学计算机学院,长沙,410073 |
| |
| 基金项目: | 国家自然科学基金,国家重点基础研究发展计划(973计划) |
| |
| 摘 要: | 针对深度报文检测中正则表达式模式匹配的状态表爆炸问题,提出并实现了一种集合交割的预编码方法(SI-precode),在正则表达式转换成DFA前对所有输入符号进行预编码,通过压缩输入,减少FSM中输入符号的种类,从而压缩状态转移表的空间.证明了预编码生成的状态机的正确性及其与原状态机的同态性.采用L7-filter模式进行实验表明SI-precode不仅提高了正则表达式的编译速度,针对单模式状态机,其状态转移表空间比不进行预编码压缩了87%~97%,50个模式的多模式状态机可压缩59%.预编码在软硬件结合体系结构下进行协议识别时不会对性能造成影响;对纯软件结构性能降低2%~4%.
|
| 关 键 词: | 网络安全 深度报文检测 模式匹配 正则表达式 协议识别 |
An FSM State Table Compressing Method Based on Deep Packet Inspection |
| |
| Chen Shuhui,Su Jinshu,Fan Huiping,Hou Jie.An FSM State Table Compressing Method Based on Deep Packet Inspection[J].Journal of Computer Research and Development,2008,45(8). |
| |
| Authors: | Chen Shuhui Su Jinshu Fan Huiping Hou Jie |
| |
| Affiliation: | Chen Shuhui,Su Jinshu,Fan Huiping,, Hou Jie(School of Computer Science,National University of Defense Technology,Changsha 410073) |
| |
| Abstract: | Recent advances in network packet processing focus on payload inspection for applications that include content-based billing,layer-7 switching and Internet security.Most of the applications in this family compile the fingerprints to finite state machine(FSM),and then process packets based on state transition table.There are two kinds of FSM:deterministic finite automaton(DFA) and nondeterministic finite automaton(NFA).DFA is fast but needs more memory,while NFA needs little memory but is slow.There is littl... |
| |
| Keywords: | network security deep packet inspection pattern matching regular expression protocol identification |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
