摘要
为解决多模式同时匹配的协议识别性能问题,提出了一种多模式组合有限状态机;以Thompson算法为基础,提出了一种压缩ε的NFA构造算法,该算法通过减少ε边及其对应状态,有效提高在协议模式编译时,NFA转换成DFA及DFA最小化过程的性能;基于上述理论与算法实现了一种One-Pass的组合多模式协议识别系统。实验表明:结合上述技术实现的系统,编译性能比标准DFA构造过程提高了7倍以上,匹配性能比L7-Filter提高了近20倍。
To solve the performance problem in Regular Expression matching of Protocol Identification, this paper introduces a Multi-pattern FSM (MPFSM), which can use one FSM to match several Regular Expressions. Based on Thompson algorithm, an Epsilon Compressed NFA Construction Algorithm is also put forward and implemented. This algorithm enhances the performance of conversion from NFA to DFA by decreasing the epsilon edges and the corresponding states. A One-pass Multiple-pattem protocol identification system is also implemented using the Multi-pattern FSM and corresponding algorithms. Experiments based on actual traffic are employed to show that the compile speed would be 7 times faster than the usual transfer process, and the Matching speed would be 20 times faster than the L7-Filter.
出处
《国防科技大学学报》
EI
CAS
CSCD
北大核心
2008年第4期82-87,共6页
Journal of National University of Defense Technology
基金
国家自然科学基金资助项目(90604006)
国家部委资助项目
关键词
网络安全
协议识别
模式匹配
正则表达式
network security
protocol identification
pattern matching
regular expression