Filters








28 Hits in 5.1 sec

Fast, memory-efficient regular expression matching with NFA-OBDDs

Liu Yang, Rezwana Karim, Vinod Ganapathy, Randy Smith
2011 Computer Networks  
Deterministic automata (DFAs) provide fast matching, but DFAs for large signature sets often consume gigabytes of memory because DFA combination results in a multiplicative increase in the number of states  ...  Modern network intrusion detection systems (NIDS) employ regular expressions as attack signatures. Internally, NIDS represent and operate these regular expressions as finite automata.  ...  Acknowledgments We thank Cristian Estan and Somesh Jha for useful discussions in the early stages of this project. This work was supported in part by NSF Grants 0831268, 0915394, 0931992 and 0952128.  ... 
doi:10.1016/j.comnet.2011.07.002 fatcat:xw7ngkos5zcn5jl26kwnv3cfd4

A Framework For Performance Evaluation Of ASIPs in Network-Based IDS

Majid Nezakatolhoseini
2012 International journal of network security and its applications  
A general solution for this bottleneck is exploitation of efficient hardware architectures for performance improvement of IDPS.  ...  The experiments show that the framework results 18.10% performance improvements for pattern matching on ARM7TDMI microprocessors.  ...  Usually, Deterministic Finite state Automaton (DFA) and Nondeterministic Finite state Automaton (NFA) are used for analysis of regular expressions.  ... 
doi:10.5121/ijnsa.2012.4504 fatcat:bom233uldza4db2vgbrjr5pr5q

Improving NFA-Based Signature Matching Using Ordered Binary Decision Diagrams [chapter]

Liu Yang, Rezwana Karim, Vinod Ganapathy, Randy Smith
2010 Lecture Notes in Computer Science  
Experiments using Snort HTTP and FTP signature sets show that an NFA-OBDD-based representation of regular expressions can outperform traditional NFAs by up to three orders of magnitude and is competitive  ...  Network intrusion detection systems (NIDS) make extensive use of regular expressions as attack signatures. Internally, NIDS represent and operate these signatures using finite automata.  ...  We thank Cristian Estan and Somesh Jha for useful discussions in the early stages of this project.  ... 
doi:10.1007/978-3-642-15512-3_4 fatcat:en3icdjxtnc7lns4b4ase3zhye

MULTI-GIGABIT PATTERN FOR DATA IN NETWORK SECURITY

Praveen Kumar . Ch, Prof.P.Vijai Bhaskar, Ravi. Ch, B.Rambhupal Reddy
2013 International journal of computer and communication technology  
The suggested methods have implemented in vhdl coding and we use Xilinx for synthesis.  ...  Various techniques have been proposed in past but the performance of the system is reducing because of multi-gigabit rates.Pattern matching is a significant issue in intrusion detection systems, but by  ...  Sidhu and Prassanna introduced regular expressions and Nondeterministic Finite Automata (NFAs) for finding matches to a given regular expression.  ... 
doi:10.47893/ijcct.2013.1204 fatcat:jx6ewq2me5dyrihyy4zpmkanj4

A Survey on the Application of FPGAs for Network Infrastructure Security

Hao Chen, Yu Chen, Douglas H. Summerville
2011 IEEE Communications Surveys and Tutorials  
Combining brief descriptions with intensive case-studies, we hope this survey will inspire more active research in this area.  ...  This paper presents a survey of the state-of-art in FPGA-based implementations that have been used in the network infrastructure security area, categorizing currently existing diverse implementations.  ...  Sidhu and Prasanna [95] mapped the NFA logic for regular expression onto a Xilinx Virtex FPGA and the Self-Reconfigurable Gate Array (SRGA) to perform fast pattern matching in 2001.  ... 
doi:10.1109/surv.2011.072210.00075 fatcat:4yew6yqt25expelxenskh22b4m

Symbolic Compilation of PSL

A. Cimatti, M. Roveri, S. Tonetta
2008 IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems  
PSL combines Linear Temporal Logic (LTL) with Sequential Extended Regular Expressions (SEREs), and thus provides a natural formalism to express all ω-regular properties.  ...  The IEEE standard Property Specification Language (PSL) is increasingly used in many phases of the hardware design cycle, from specification to verification.  ...  In this section, we basically use PSL to refer to logics that, similarly to SERELTL, combine LTL with regular expressions.  ... 
doi:10.1109/tcad.2008.2003303 fatcat:3dhaeft6hfc2lbhiwglizu3tha

Scalable Multigigabit Pattern Matching for Packet Inspection

Ioannis Sourdis, Dionisios N. Pnevmatikatos, Stamatis Vassiliadis
2008 IEEE Transactions on Very Large Scale Integration (vlsi) Systems  
In this paper we consider hardware-based scanning and analyzing packets payload in order to detect hazardous contents.  ...  Both techniques are well suited for reconfigurable logic and match about 2,200 intrusion detection patterns using a single Virtex2 FPGA device.  ...  Gaydadjiev for his valuable comments on PHmem algorithm, Carlo Galuzzi for his help on putting in mathematical forms several statements, and Christos Strydis for his comments which helped to improve the  ... 
doi:10.1109/tvlsi.2007.912036 fatcat:us5uiahwnrcplg5f3htjqbw2ii

String Constraints with Concatenation and Transducers Solved Efficiently (Technical Report) [article]

Lukas Holik, Petr Janku, Anthony W. Lin, Philipp Rümmer, Tomas Vojnar
2020 arXiv   pre-print
Such solvers typically reason about constraints expressed in theories over strings with the concatenation operator as an atomic constraint.  ...  Alternation offers not only exponential savings in space when representing Boolean combinations of transducers, but also a possibility of succinct representation of otherwise costly combinations of transducers  ...  Holík, Janků, and Vojnar were supported by the internal BUT grant agency (project FIT-S-17-4014) and the IT4IXS: IT4Innovations Excellence in Science (project LQ1602).  ... 
arXiv:2010.15975v1 fatcat:fmfbhjmfbvcszfnardrjjc3qmi

String constraints with concatenation and transducers solved efficiently

Lukáš Holík, Petr Janků, Anthony W. Lin, Philipp Rümmer, Tomáš Vojnar
2017 Proceedings of the ACM on Programming Languages  
In contrast to previous approaches using nondeterministic automata, alternation offers not only exponential savings in space when representing Boolean combinations of transducers, but also a possibility  ...  Although this results in an undecidable theory in general, it was recently shown that the straight-line fragment of the theory is decidable, and is sufficiently expressive in practice.  ...  9 We tried to replace the special-purpose transducers by a sequence of str.replaceall operations in order to match the syntactic fragment of the S3P solver [Trinh et al. 2016 ].  ... 
doi:10.1145/3158092 dblp:journals/pacmpl/HolikJLRV18 fatcat:3nty6ni7tjgkjobv663le7syg4

Bitwise optimised cam for network intrusion detection systems

S. Yusuf, W. Luk
International Conference on Field Programmable Logic and Applications, 2005.  
This paper presents a novel technique, based on a tree-based content addressable memory structure, for a pattern matching engine for use in a hardware-based network intrusion detection system.  ...  This technique involves hardware sharing at bit level in order to exploit powerful logic optimisations for multiple strings represented as a boolean expression.  ...  We use a tree-based Content Addressable Memory (CAM) structure for a pattern matching engine for use in a hardware-based network intrusion detection system.  ... 
doi:10.1109/fpl.2005.1515762 dblp:conf/fpl/YusufL05 fatcat:f4frrpm7pfdxzfnwtqcy6n7ncq

Efficient reduction of nondeterministic automata with application to language inclusion testing [article]

Lorenzo Clemente, Richard Mayr
2018 arXiv   pre-print
These techniques use criteria based on combinations of backward and forward trace inclusions and simulation relations.  ...  This can be used to scale up applications of automata in formal verification tools and decision procedures for logical theories.  ...  We provide a complete picture of which combinations of relations are correct to use for pruning.  ... 
arXiv:1711.09946v3 fatcat:3fgofy65d5cgbnklzcstmnc2zi

Controller optimization for protocol intensive applications

A. Crews, F. Brewer
Proceedings EURO-DAC '96. European Design Automation Conference with EURO-VHDL '96 and Exhibition  
Conclusions and Further Work We have described an algorithm for compilation of controllers using extended tree-based regular expressions into a gate-level circuit description.  ...  When a node in the DAG becomes an arbitrary combinational logic function of two terminals, it can always be reduced to a single terminal BDD node.  ...  The NFA specification used herein is derived from classical regular expressions.  ... 
doi:10.1109/eurdac.1996.558196 dblp:conf/eurodac/CrewsB96 fatcat:gtrsmrxi5rcxhfmw7hemtntubq

Constant-Delay Enumeration for Nondeterministic Document Spanners [article]

Antoine Amarilli, Pierre Bourhis, Stefan Mengel, Matthias Niewerth
2020 arXiv   pre-print
The resulting algorithm thus achieves tractability in combined complexity and the best possible data complexity bounds.  ...  Our goal is to have an algorithm which is tractable in combined complexity, i.e., in the sizes of the input document and the VA; while ensuring the best possible data complexity bounds in the input document  ...  These basic spanners are combined to more complex queries using the union operator and joins of the following form: "spanner matches at most characters after spanner matches".  ... 
arXiv:2003.02576v3 fatcat:wvfuwth5m5gjzldxtooidncdim

Data Provenance

Peter Buneman, Wang-Chiew Tan
2019 SIGMOD record  
In this paper, we establish conditions under which a commonly used sufficient condition for invariant confluence is both necessary and sufficient, and we use this condition to design a general-purpose  ...  it uses asynchronous incremental checkpointing instead of a WAL to implement group commit in a scalable bottleneck-free manner.  ...  This work was supported in part by a Hellman Fellowship and by the NIDDK of the NIH under award number R01DK114945.  ... 
doi:10.1145/3316416.3316418 fatcat:u4lmbha4fjgajlc46r66ryh7vi

Syntactic Optimizations for PSL Verification [chapter]

Alessandro Cimatti, Marco Roveri, Stefano Tonetta
Tools and Algorithms for the Construction and Analysis of Systems  
used in many phases of the hardware design cycle, from specification to verification.  ...  The IEEE standard Property Specification Language (PSL) allows to express all ω-regular properties mixing Linear Temporal Logic (LTL) with Sequential Extended Regular Expressions (SEREs), and is increasingly  ...  This combination results in ω-regular expressiveness, and enables to express many properties of practical interest in a compact and readable way.  ... 
doi:10.1007/978-3-540-71209-1_39 dblp:conf/tacas/CimattiRT07 fatcat:n6nsv6vvm5a4pozqycve2zkhia
« Previous Showing results 1 — 15 out of 28 results