A New Packet Filter Schema Based on Multi-level Signature Hash and DFA Grouping

Yumeng Wang; Yuping Wang; Xingsi Xue; Chen Zhang; Yuanliang Huo

A New Packet Filter Schema Based on Multi-level Signature Hash and DFA Grouping

Yumeng Wang, Yuping Wang, Xingsi Xue, Chen Zhang, Yuanliang Huo

Published: 01 Jan 2014, Last Modified: 13 Nov 2024CIS 2014EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: Packet filter system based on high speed match engine of REGular EXPressions (REGEXP) plays an important role in domain of Intrusion Detection System (IDS), Deep Packet Inspection (DPI) system, network security and traffic monitoring, etc. However, the existing filter schemas suffer from several deficiencies in matching speed and memory footprint, such as traditional DFA matching, single-level signature hash and DFA grouping. To overcome these shortcomings, in this paper, a new packet filter schema based on multilevel signature and DFA grouping is proposed. In particular, an algorithm called "DFA pseudo-split" is presented in our proposal to overcome the shortage of signatures. The experimental results show that our proposal significantly outperforms the traditional filter schemas.

Loading