期刊文献+

基于内容分析的协议识别研究 被引量:13

Protocol Identification Research Based on Content Analysis
下载PDF
导出
摘要 为解决多模式同时匹配的协议识别性能问题,提出了一种多模式组合有限状态机;以Thompson算法为基础,提出了一种压缩ε的NFA构造算法,该算法通过减少ε边及其对应状态,有效提高在协议模式编译时,NFA转换成DFA及DFA最小化过程的性能;基于上述理论与算法实现了一种One-Pass的组合多模式协议识别系统。实验表明:结合上述技术实现的系统,编译性能比标准DFA构造过程提高了7倍以上,匹配性能比L7-Filter提高了近20倍。 To solve the performance problem in Regular Expression matching of Protocol Identification, this paper introduces a Multi-pattern FSM (MPFSM), which can use one FSM to match several Regular Expressions. Based on Thompson algorithm, an Epsilon Compressed NFA Construction Algorithm is also put forward and implemented. This algorithm enhances the performance of conversion from NFA to DFA by decreasing the epsilon edges and the corresponding states. A One-pass Multiple-pattem protocol identification system is also implemented using the Multi-pattern FSM and corresponding algorithms. Experiments based on actual traffic are employed to show that the compile speed would be 7 times faster than the usual transfer process, and the Matching speed would be 20 times faster than the L7-Filter.
出处 《国防科技大学学报》 EI CAS CSCD 北大核心 2008年第4期82-87,共6页 Journal of National University of Defense Technology
基金 国家自然科学基金资助项目(90604006) 国家部委资助项目
关键词 网络安全 协议识别 模式匹配 正则表达式 network security protocol identification pattern matching regular expression
  • 相关文献

参考文献10

  • 1Application Layer Packet Classifier for Linux [ Z]. http://www. ipp2p. org.
  • 2IPP2P[ Z ]. http: //www. ipp2p. org.
  • 3Snort Network Intrusion Detection System [Z]. http://www.snort.org.
  • 4Bro Intrusion Detection System [Z]. http://bro-ids.org/Overview.
  • 5Hopcroft J E. Ullman J D. Introduction to Automata Theory, Languages, and Computation (Second Edition) [ M]. Boston: Addison-wesley, 2002.
  • 6Yu F, Chen Z F, Diao Y L. Fast and Memory-efficient Regular Expression Matching for Deep Packet Inspection[ R]. Berkeley: University of California, 2006.
  • 7Kumar S, Dharmapurikar S, Yu F. Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection [ C]//SIGCOMM' 06, 2006:11 - 15.
  • 8Brodie B, Cytron R, Taylor D. A Scalable Architecture for High-throughput Regular-expression Pattern Matching[ C ]//ISCA'06 34(2), 2005:137 - 145.
  • 9Sidhu R, Prasanna V K. Fast Regular Expression Matching Using FPGAs [ C]//Proc. of the IEEE Syrup. on Field-programmable Custom Computing Machines, 2001:227 - 238.
  • 10Thompson K. Regular Expression Search Algorithm [C]//Communications of the ACM, 1968,11(6):410-422.

同被引文献86

引证文献13

二级引证文献18

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部