共查询到17条相似文献,搜索用时 437 毫秒
1.
2.
深度包检测采用简单的字符串匹配技术将报文内容与一组固定字符串进行匹配,基于正则表达式匹配算法能提供更强的表达能力和灵活性,而复杂的正则表达式结构可能引起DFA的状态数膨胀,导致存储代价巨大;DFA拆分算法将DFA转换表拆分为三个表:间接索引表,转换输出表,直接转换表,实验结果表明DFA所占空间大大减小,实现了DFA的压缩存储。 相似文献
3.
4.
正则表达式具有强大的描述能力,在计算机领域,正则表达式匹配技术应用十分广泛。目前,已经有多个正则表达式匹配引擎,在实际应用中,对于不同的匹配规则集和正则语法,不同的匹配引擎会有不同的性能表现。本文通过对PCRE、Greta、Boost、RE2四种常用正则表达式匹配引擎的性能测试,给出在不用的正则语法情况下的匹配速度,并深入分析不同坏境下适用的正则表达式匹配引擎。对实际系统设计中正则表达式库的选择有指导意义。 相似文献
5.
基于正则表达式进行深度报文检测在IDS/IPS、应用层协议识别等网络应用中具有重要作用。然而,采用DFA实现正则表达式需要大量的存储空间,限制了它的实际应用。将DFA状态转换表拆分成3个表,使用run-length编码进行压缩,并对压缩方法进行了优化。采用l7-filter中几个常用应用程序的正则表达式进行测试,结果表明该方法压缩效果一般在90%以上。 相似文献
6.
深度检测在维护网络安全、保证服务质量等方面扮演着重要的角色。正则表达式匹配算法作为高性能深度检测的核心技术,具有重要的研究价值和实践意义。随着网络流量不断增长、规则数目持续增多以及网络结构日趋灵活和动态,现有的正则表达式匹配算法面临着匹配速度、内存占用和更新能力等多方面的挑战。介绍了正则表达式匹配算法的研究背景,从空间压缩、匹配加速、新型自动机设计以及规则拆分和分组四个角度入手,分类总结了学术界具有影响力的研究成果。通过基于真实网络流量的评测,比较了几种经典匹配算法在不同规则集上的匹配速度、内存占用和预处理时间等性能指标,并给出了不同需求场景下高效正则表达式匹配算法的选择建议,归纳了高性能正则表达式匹配算法的下一步发展方向。 相似文献
7.
针对现有网络入侵检测方法中存在的不足,引入否定模式(NP)匹配的策略,提出了基于NP模式的报文检测方法。该方法先从待测报文内容模式集合中找出NP模式,根据NP模式将待测数据流分段;然后通过模式匹配引擎对分段内容进行模式匹配。实验结果表明,该方法能降低误报率,减少报文匹配次数,提高检测效率。 相似文献
8.
吕昭李韬 《计算机工程与科学》2014,36(5):860-865
随着软件定义网络、OpenFlow等技术的兴起,传统的基于5元组的报文分类技术已不能满足OpenFlow基于多元组的细粒度流量控制需求。因此,以分析已有的报文分类算法为基础,采用分而治之的思想,针对OpenFlow报文分类的精确匹配需求,设计实现了一种基于Hash的计数型链表Bloom Filter算法--OF_CBF算法。针对OpenFlow报文分类的通配匹配需求,借鉴正则表达式匹配算法思想,设计实现了基于有限自动机的报文匹配算法--OF_FSMP算法。对两种算法进行分析验证,并初步对两种算法进行了性能分析。 相似文献
9.
正则表达式是数据验证技术中功能最为强大的输入控制技术。传统的基于NFA的正则表达式引擎的匹配速度低。通过正则表达式与自动机等价的原理,研究了通过最小化的确定的有限自动机(DFA)来等价实现.NET中正则表达式的数据验证的机制,以期提高正则表达式的匹配速度。 相似文献
10.
随着网络带宽的快速增长,正则表达式匹配逐渐成为网络数据处理系统的性能瓶颈。为了获得更高的匹配效率,基于FPGA的正则表达式匹配引擎成为近年来的研究热点之一,而将正则表达式高效的转换成硬件描述语言是其中的关键技术。首先分析了正则表达式转换为硬件电路的算法,然后在此算法基础上实现了一个编译器。最后在Modelsim平台上进行了仿真,仿真结果证明了编译器的正确性。 相似文献
11.
正则表达式方程组的最小解 总被引:1,自引:1,他引:0
网络安全检测中,正则表达式匹配是深度包检测的主要手段,匹配算法则是其关键技术。目前,正则表达式匹配算法可以大体分为转换压缩、状态压缩和字母表压缩三类。文章讨论正则表达式方程组最小解及其求解算法,证明了正则表达式方程组的最小解的存在性和基于Gauss消元法的求解算法的正确性,给出了最小解的构造,分析了求解算法的时间复杂度... 相似文献
12.
13.
《Computer Standards & Interfaces》2014,36(5):880-888
A key technique of network security inspection is by using the regular expression matching to locate the specific fingerprints of networking applications or attacks in the packet flows, and accordingly identify the underlying applications or attacks. However, due to the surge of various networking applications and attacks in recent years, even more fingerprints need to be investigated in this process, which leads to a high demand on a large memory space for regular expression matching. In addition, with the frequent upgrading of the network links nowadays, the network flow rate also increases dramatically. As a result, it demands the fast operation of regular expression matching accordingly with the enhanced throughput for network inspection. However, due to the limited space of the fast memory, the requirements on fast operations and large memory space are conflicting. On addressing this challenge, in this paper, we propose to use hybrid memory for regular expression matching. In specific, by investigating on the transition table state access probability through the Markov theory, it can be observed that there exist a number of states which are much more frequently accessed than others. Therefore, we devise a matching engine which is suitable for FPGA implementation with two-level memories, where the first-level memory uses the on-chip memory of FPGA to cache the frequently accessed state transitions, and the second-level memory, composed of slow and cheap DRAM, stores the whole state transitions. Furthermore, the L7-filter's regular expression patterns have been applied to obtain the state access probability, and different quantities of memory assignment approaches have also been investigated to evaluate the throughput. 相似文献
14.
Po-Ching Lin Ying-Dar Lin Tsern-Huei Lee Yuan-Cheng Lai 《Computer》2008,41(4):23-28
String matching has sparked renewed research interest due to its usefulness for deep packet inspection in applications such as intrusion detection, virus scanning, and Internet content filtering. Matching expressive pattern specifications with a scalable and efficient design, accelerating the entire packet flow, and string matching with high-level semantics are promising topics for further study. 相似文献
15.
Yi Tang Junchen Jiang Chengchen Hu Bin Liu 《Journal of Network and Systems Management》2012,20(2):155-180
There is an increasing demand for network devices to perform deep packet inspection (DPI) in order to enhance network security.
In DPI, the packet payload is compared against a set of predefined patterns that can be specified using regular expressions
(regexes). It is well-known that mapping regexes to deterministic finite automaton (DFA) may suffer from the state explosion
problem. Through observation, we attribute DFA explosion to the necessity of remembering matching history. In this paper,
we investigate how to manage matching history efficiently and propose an extended DFA approach for regex matching called fcq-FA,
which can make a memory size reduction of about 1,000 times with a fully automated approach. In fcq-FA, we use pipeline queues
and counters to help record the matching history. Hence, state explosion caused by Kleene closure and length restriction can
be completely avoided. Furthermore, it achieves a fully automated signature compilation with polynomial running time and space.
The equivalence between fcq-FA and the traditional DFA is guaranteed by a strict theoretical proof, which means fcq-FA can
process all the regexes supported by the traditional DFA. 相似文献
16.
Inspection engines that can inspect network content for application-layer information are urgently required. In-depth packet inspection engines, which search the whole packet payload, can identify the interested packets that contain certain patterns. Network equipment then utilizes the searching results from the inspection engines for application-oriented management. The most important technology for fast packet inspection is an efficient multi-pattern matching algorithm to perform exact string matching between packets and a large set of patterns. This paper proposes a novel hierarchical multi-pattern matching algorithm (HMA) for packet inspection. HMA builds hierarchical index tables from the most frequent common-codes, and efficiently reduces the amount of external memory accesses and memory space by two-tier and cluster-wise matching. Analysis and simulation results reveal that HMA performs much better than state-of-the-art matching algorithms. In particular, HMA can update patterns incrementally, thus creating a reliable network system. 相似文献