Using String Matching for Deep Packet Inspection

Po-Ching Lin, Ying-Dar Lin, Yuan-Cheng Lai, Tsern-Huei Lee
2008 Computer  
String matching has sparked renewed research interest due to its usefulness for deep packet inspection in applications such as intrusion detection, virus scanning, and Internet content filtering. Matching expressive pattern specifications with a scalable and efficient design, accelerating the entire packet flow, and string matching with high-level semantics are promising topics for further study.

A classical algorithm for decades, string matching has recently proven useful for deep packet inspection (DPI) to detect intrusions, scan for viruses, and filter Internet content. However, the algorithm must still overcome some hurdles, including becoming efficient at multigigabit processing speeds and scaling to handle large volumes of signatures.

Before 2001, researchers in packet processing were most interested in longest-prefix matching in the routing table on Internet routers and multifield packet classification in the packet header for firewalls and quality-of-service applications [1]. However, DPI for various signatures is now of greater interest. Intrusion detection, virus scanning, content filtering, instant-messenger management, and peer-to-peer identification all can use string matching for inspection. Much work has been done in both algorithm design and hardware implementation to accelerate the inspection, reduce pattern storage space, and efficiently handle regular expressions.

According to our survey of recent publications about string matching from IEEE Xplore (http://ieeexplore.ieee.org) and the ACM digital library (http://portal.acm.org/dl.cfm), researchers formerly were more interested in pure algorithms for either theoretical interest or general applications, while algorithms for DPI have attracted more attention lately. Likewise, to meet the demand for higher processing speeds, researchers are focusing on hardware implementation in application-specific integrated circuits and field-programmable gate arrays, as well as parallel multiple processors. Since 2004, ACM and IEEE publications have featured 34 articles on ASICs and FPGAs compared to nine in the 1990s and nine again between 2000 and 2003. ACM and IEEE publications have published 10 articles on multiple processors since 2004, with 10 published during the 1990s, and three between
doi:10.1109/mc.2008.138 fatcat:rreuv55x4vbjdd5dklob75fceu