an improved algorithm to accelerate regular expression
play

An Improved Algorithm to Accelerate Regular Expression Evaluation - PowerPoint PPT Presentation

Dec 03, 2023 •144 likes •391 views

An Improved Algorithm to Accelerate Regular Expression Evaluation Michela Becchi and Patrick Crowley ANCS 2007 Context Regular expression matching is a critical operation in networking Intrusion detection Context based billing

  1. An Improved Algorithm to Accelerate Regular Expression Evaluation Michela Becchi and Patrick Crowley ANCS 2007

  2. Context � Regular expression matching is a critical operation in networking » Intrusion detection » Context based billing » Peer-to-peer traffic detection and prioritization » Application level filtering � Challenge: perform regular expression matching at line rate, given data-sets of hundreds (or thousands) of patterns » Processing time » Memory requirement (occupancy and bandwidth) Michela Becchi - 1/9/2008

  3. Background & Problem definition � Two algorithmic solutions » Non deterministic finite automata (NFAs) – High time complexity/memory bandwidth requirements – Compact representation » Deterministic finite automata (DFAs) – Low time complexity – Potentially high storage requirement � Multiple implementation approaches » FPGA [Sidhu 2001, Clark 2003, Moscola 2003] » Software [Paxson 1998, Roesch 1999, Tuck 2004] » Custom hardware [Kumar 2006] � Problem: given a DFA, find a representation 1. compact 2. allowing an acceptable bound of memory bandwidth requirement/processing time Michela Becchi - 1/9/2008

  4. Background - D 2 FA � Observation: » DFAs from practical datasets have redundancy in state transitions � Idea: » default transitions: non-consuming transitions s 3 s 3 a a b s 4 b s 4 s 1 s 1 c c s 5 s 5 s 3 a b s 4 s 2 c s 6 s 2 c s 6 � Implication: » Traversal time / memory bandwidth requirement dependent upon maximum default path length Michela Becchi - 1/9/2008

  5. Background – D 2 FA construction RegEx: ab + c + , cd + and bd + e from 1-8 Space reduction graph b a b 3 1 2 2 1 c 4 3 Remaining a c 4 3 transitions c 5 3 8 3 c 0 d 4 4 4 c d d 0 4 5 4 c 4 d 4 c 7 4 c 4 c 8 4 e b 4 5 4 d 6 7 5 6 4 b d from 3-8 Michela Becchi - 1/9/2008

  6. Background – D 2 FA construction RegEx: ab + c + , cd + and bd + e Space reduction graph from 1-8 b a [4] b 3 [4] 1 2 1 2 c 4 3 Remaining a 4 [3] [4] c 5 3 3 transitions c 8 3 [3] 0 c d 4 4 4 c d d 4 0 4 5 4 c 4 4 d 7 [2] c 4 c [4] 4 c 8 e 4 b 5 4 d 5 6 7 6 [3] 4 [3] b Diameter bound=4 � d from 3-8 removed transitions=33 Michela Becchi - 1/9/2008

  7. Background – D 2 FA construction RegEx: ab + c + , cd + and bd + e D 2 FA Space reduction graph from 1-8 b b a [4] b b 3 [4] 1 2 1 2 1 2 c 4 3 Remaining a c 4 [3] 3 [4] c 5 d a 3 3 transitions c 8 3 [3] c 0 c d 4 e 4 d 4 d c d 4 0 5 d 4 0 4 5 4 c d 4 4 d 7 b [2] c 4 c 8 [4] 4 e c 8 e 4 b 5 4 d 6 7 d 5 6 7 6 [3] 4 [3] b Diameter bound=4 � d from 3-8 removed transitions=33 Michela Becchi - 1/9/2008

  8. Background – D 2 FA construction RegEx: ab + c + , cd + and bd + e D 2 FA Space reduction graph from 1-8 b b a [4] b b 3 [4] 1 2 1 2 1 2 c 4 3 Remaining a c 4 [3] 3 [4] c 5 d a 3 3 transitions c 8 3 [3] c 0 c d 4 e 4 d 4 d c d 4 0 5 d 4 0 4 5 4 c d 4 4 d 7 b [2] c 4 c 8 4 e c 8 e 4 b 5 4 d 6 7 d 5 6 7 6 [3] 4 [3] b Diameter bound= 4 � d from 3-8 removed transitions=33 [2] [2] 3 1 2 3 4 2 [2] [2] 4 3 8 5 3 Traversal time=O((D/2+1)N) 0 4 Time complexity=O(n 2 logn) 4 4 [1] 4 3 4 Space complexity=O(n 2 ) 3 [2] 7 4 [1] 4 4 4 5 4 4 [2] 5 [2] 6 4 Diameter bound= 2 � removed transitions=28 Michela Becchi - 1/9/2008

  9. Transition redundancy: why? RegEx: ab + c + , cd + and bd + e from 1-8 b a b 1 2 c � Forward transitions: Remaining a c 3 transitions c » Matches c d » State specific c d d 0 4 5 c � Backward transitions: d c c c 8 e b » Mismatch 6 7 d » Shared by multiple states b from 3-8 d � Idea: » Introduce state depth: minimum distance from entry state » Orient default transitions only backwards (towards decreasing depth) � Pros: » Traversal time O( 2 N) independent of the maximum default path length » Generality: no need of diameter bound parameter � Cons: » Possible compression loss Michela Becchi - 1/9/2008

  10. Our scheme RegEx: ab + c + , cd + and bd + e from 1-8 Reduced graph b Oriented space reduction graph [2] a b [1] b 3 1 2 1 2 b c 4 3 2 1 Remaining [3] a 4 c 3 transitions c [1] 3 8 5 3 c c 3 d 0 a d 4 c 4 4 c d 4 [2] d 0 4 5 e d [0] 4 d c 0 4 5 d c 7 4 4 c 4 d [3] c [1] 8 e 4 4 b b 8 5 d e 6 7 d 5 6 [2] 4 6 7 b d NO diameter bound from 3-8 Time complexity=O(2N) removed transitions=33 � Observations: » Maximum spanning tree on oriented graph: Edmonds and Chu solutions – 2 steps: edge selection and cycle resolution » No cycles: – Space reduction graph not necessary Traversal time=O(2N) – Simple breath-first traversal algorithm Time complexity=O(n 2 ) Space complexity=O(n) Michela Becchi - 1/9/2008

  11. Discussion � Generalization (Jon Turner’s observation) » Allowing default transitions only from depth d to depth ≤ d-k , w/ k ≥ 1 , leads to worst case traversal time + N ⎛ 1 ⎞ k O ⎜ ⎟ ⎝ ⎠ k – Time and space complexity of the construction algorithm still O(n 2 ) and O(n) – Examples: � k=1 � traversal O(2N) � k=2 � traversal O(1.5N) � k=3 � traversal O(1.33N) � k=4 � traversal O(1.25N) � Compression » D 2 FA: – Constraint: diameter bound – Heuristic » Our algorithm: – Constraint: orientation (may be not a problem for RegEx originated DFAs) – Optimal solution Michela Becchi - 1/9/2008

  12. Discussion (cont’d) � Default transitions and depth computation through breath-first traversal » Default transitions can be computed during subset construction, that is, at DFA creation time. � D 2 FA space complexity can be an issue for big DFAs » O(n 2 ): space reduction graph » Using adjacency list 17B/edge struct wgedge { vertex l,r; // endpoints of the edge weight wt; // edge weight edge lnext; //link to next edge incident to l edge rnext; //link to next edge incident to r } *edges; » Fully connected graph w/ ~11K nodes will require 1GB storage » Possible solutions: partial graphs based on weight – Multiple scans – Effect on algorithm’s execution time Michela Becchi - 1/9/2008

  13. Discussion (cont’d) � Traversal locality » DFA traversal exhibits locality » Average traffic tends to mismatch » States at low depths tend to be traversed more » Backward default transition reiterate the traversal of likely states Michela Becchi - 1/9/2008

  14. Alphabet reduction � Observation: » Some symbols are treated in the same way over the whole DFA [ δ (s,c i )= δ (s,c j ) for each state s є DFA] » Example: –Ignore case –\n, \r –unused characters � Idea: » Group characters into classes » Mapping filter � Algorithm: » Sequence of clustering operations » Breath-first traversal w/ O(n 2 ) complexity » Applicable at DFA creation time Michela Becchi - 1/9/2008

  15. Evaluation: rule-sets % RegEx w/ % RegEx w/ ASCII length wild-cards char ranges ≥ 5 Data-set range (*,+) 6..70 37.5 50 Snort24 15..99 38.2 32.4 Snort34 16..120 41.9 93.5 Snort31 9..13 90.9 9.1 Cisco11 15..73 32.6 27.9 Cisco43 3..50 0 1.6 Cisco612 5..76 1.4 13.4 Bro217 Michela Becchi - 1/9/2008

  16. Evaluation - compression D 2 FA algorithm Our algorithm Original DFA Compression (as a function of the diameter bound) # max max of % du- DB=2 DB=6 DB=10 DB=14 DB= def. Compre def. ∞ Dataset states plicates length ssion length 13886 98.97 89.59 98.48 98.91 98.92 98.92 16 98.71 12 Snort24 13825 98.91 89.33 98.48 98.85 98.86 98.86 16 98.69 10 Snort34 20052 98.93 74.42 97.18 98.42 98.6 98.63 13 98.44 6 Snort31 24011 97.45 86.73 97.08 97.37 97.38 97.38 12 96.63 8 Cisco11 20320 99.06 90.16 98.46 99 99.05 99.05 14 98.97 8 Cisco43 11309 99.5 79.3 97.46 98.93 99.18 99.25 12 99.09 5 Cisco612 6533 99.57 76.49 97.9 99.07 99.4 99.41 9 99.33 9 Bro217 Michela Becchi - 1/9/2008

  17. Evaluation – number of transitions 1400000 x1 6 distinct transitions 1200000 our algorithm D2FA, DB=2 1000000 D2FA, DB= ∞ Number of transitions x4 800000 x2 3 600000 x9 .5 x8 x8 x3 5 400000 200000 0 Snort24 Snort34 Snort31 Cisco11 Cisco43 Cisco612 Bro217 Rule-set Michela Becchi - 1/9/2008

  18. Alphabet reduction’s effect D 2 FA, DB=2 D 2 FA, DB= ∞ Our algorithm alp compression Compression Dataset ha transitio % compression % % # of bet ns Trans. Trans. nodes size BAR AAR after AR BAR AAR after AR BAR AAR after AR 13886 46 89.59 97.87 75752 98.92 99.49 18095 98.71 99.4 21504 Snort24 13825 51 89.33 97.63 84046 98.86 99.47 18856 98.69 99.43 20342 Snort34 20052 53 74.42 94.48 283339 98.63 99.21 40347 98.44 99.13 44819 Snort31 24011 38 86.73 97.74 138922 97.38 99.24 46689 96.63 99.09 55955 Cisco11 20320 65 90.16 97.09 151161 99.05 99.31 36037 98.97 99.27 37784 Cisco43 11309 115 79.3 90.46 276110 99.25 99.33 19316 99.09 99.2 23139 Cisco612 6533 111 76.49 89.59 174035 99.41 99.43 9526 99.33 99.34 10957 Bro217 Michela Becchi - 1/9/2008

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Regular a regular expression I Example 1.68 Consider the following DFA b a 1 2 a b a

Regular a regular expression I Example 1.68 Consider the following DFA b a 1 2 a b a

Regular a regular expression I Example 1.68 Consider the following DFA b a 1 2 a b a b 3 September 22, 2020 1 / 10 Regular a regular expression II It is not that easy to directly see what the regular expression is We need a

140 views • 10 slides
Regular Expression More conventionally called a pattern An expression that

Regular Expression More conventionally called a pattern An expression that

Regular Expression More conventionally called a pattern An expression that describes a set of strings Gives a concise description of the set without listing all elements There are usually multiple regular expressions

817 views • 13 slides
Lec 03. Regular expression, Pumping lemma Eunjung Kim F ORMAL DEFINITION OF R EGULAR EXPRESSION

Lec 03. Regular expression, Pumping lemma Eunjung Kim F ORMAL DEFINITION OF R EGULAR EXPRESSION

C OMPUTABILITY AND C OMPLEXITY , 2020 F ALL SEMESTER Lec 03. Regular expression, Pumping lemma Eunjung Kim F ORMAL DEFINITION OF R EGULAR EXPRESSION R EGULAR EXPRESSION OVER A FINITE ALPHABET Regular expression over is a string consisting

710 views • 13 slides
Regular Expressions CS 2110 What is a regular expression? A special string for describing a

Regular Expressions CS 2110 What is a regular expression? A special string for describing a

Regular Expressions CS 2110 What is a regular expression? A special string for describing a pattern of characters. Examples: Regular expression Description One of three characters (a, b, OR c) [abc] A single lowercase letter [a-z] A

388 views • 17 slides
Regular Expressions A regular expression describes a language using three operations. Regular

Regular Expressions A regular expression describes a language using three operations. Regular

Regular Expressions A regular expression describes a language using three operations. Regular Expressions A regular expression (RE) describes a language. It uses the three regular operations. These are called union/or , concatenation and star .

449 views • 17 slides
COMP364: Regular expression in Python Jrme Waldisphl, McGill

COMP364: Regular expression in Python Jrme Waldisphl, McGill

COMP364: Regular expression in Python Jrme Waldisphl, McGill University DefiniHon A regular expression (a.k.a. Regexp) is a specific paNern that provides

155 views • 11 slides
Chapter 3: Searching/Substitution: regular expression CISC3130, Spring 2013 Xiaolan Zhang 1 1

Chapter 3: Searching/Substitution: regular expression CISC3130, Spring 2013 Xiaolan Zhang 1 1

Chapter 3: Searching/Substitution: regular expression CISC3130, Spring 2013 Xiaolan Zhang 1 1 Outline Shell globbing, or pathname expansion Grep, egrep, fgrep regular expression sed cut, paste, comp, uniq, sort 2 2

897 views • 69 slides
Regular expressions as types: Bit-coded regular expression parsing Fritz Henglein Department of

Regular expressions as types: Bit-coded regular expression parsing Fritz Henglein Department of

Regular expressions as types: Bit-coded regular expression parsing Fritz Henglein Department of Computer Science University of Copenhagen Email: henglein@diku.dk WG 2.8 Meeting, Marble Falls, 2011-03-07 Joint work with Lasse Nielsen, DIKU

987 views • 37 slides
Leftmost Longest Regular Expression Matching in Reconfigurable Logic Kubilay Atasu IBM Research

Leftmost Longest Regular Expression Matching in Reconfigurable Logic Kubilay Atasu IBM Research

Leftmost Longest Regular Expression Matching in Reconfigurable Logic Kubilay Atasu IBM Research - Zurich kat@zurich.ibm.com Abstract Regular expression (regex) matching is an essential part of text analytics and network intrusion detection

189 views • 7 slides
A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA

A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA

A compact proof of decidability for regular expression equivalence A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA Andrea Asperti Department of Computer Science University of Bologna 25/08/2011 A

726 views • 33 slides
Regular Expressions Greg Plaxton Theory in Programming Practice, Spring 2004 Department of

Regular Expressions Greg Plaxton Theory in Programming Practice, Spring 2004 Department of

Regular Expressions Greg Plaxton Theory in Programming Practice, Spring 2004 Department of Computer Science University of Texas at Austin What is a Regular Expression? A regular expression defines a (possibly infinite) set of strings over a

406 views • 13 slides
1 Finite Automata and Regular Expressions Motivation: Given a pattern (regular expression) for

1 Finite Automata and Regular Expressions Motivation: Given a pattern (regular expression) for

1 Finite Automata and Regular Expressions Motivation: Given a pattern (regular expression) for string searching, we might want to convert it into a deterministic finite automaton or nondeter- ministic finite automaton to make string searching

489 views • 20 slides
Regular Expression Matching in Reconfigurable Hardware IOANNIS SOURDIS AND STAMATIS VASSILIADIS

Regular Expression Matching in Reconfigurable Hardware IOANNIS SOURDIS AND STAMATIS VASSILIADIS

Journal of Signal Processing Systems 51, 99121, 2008 * 2007 Springer Science + Business Media, LLC Manufactured in The United States. DOI: 10.1007/s11265-007-0131-0 Regular Expression Matching in Reconfigurable Hardware IOANNIS SOURDIS AND

545 views • 23 slides
Improved Genetic Algorithm: Channel Allocation in Mobile Computing D. P. Vidyarthi School of

Improved Genetic Algorithm: Channel Allocation in Mobile Computing D. P. Vidyarthi School of

Improved Genetic Algorithm: Channel Allocation in Mobile Computing D. P. Vidyarthi School of Computer & Systems Sciences Jawaharlal Nehru University New Delhi 2/6/2018 JNU, New Delhi Source Article Improved Genetic Algorithm for

609 views • 45 slides
Regular Expression Derivatives in Python Michael Paddon mwp@google.com These slides are

Regular Expression Derivatives in Python Michael Paddon mwp@google.com These slides are

Regular Expression Derivatives in Python Michael Paddon mwp@google.com These slides are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. Motivation I want to generate scanners that have guaranteed

521 views • 23 slides
Better appreciation of true biological miRNA expression differences using an improved version of

Better appreciation of true biological miRNA expression differences using an improved version of

Better appreciation of true biological miRNA expression differences using an improved version of the global mean normalization strategy Jo Vandesompele professor, Ghent University co-founder and CEO, Biogazelle RNAi and miRNA world congres

448 views • 30 slides
Aleksander Mdry What will this talk be about? At a

Aleksander Mdry What will this talk be about? At a

Interior-point Methods and the Maximum Flow Problem Aleksander Mdry What will this talk be about? At a first glance: It is just a talk

708 views • 45 slides
Advanced Graph Algorithms Jan Dreier, Philipp Kuinke, Peter Rossmanith Lehr- und

Advanced Graph Algorithms Jan Dreier, Philipp Kuinke, Peter Rossmanith Lehr- und

Advanced Graph Algorithms Jan Dreier, Philipp Kuinke, Peter Rossmanith Lehr- und Forschungsgebiet Theoretische Informatik Overview Organisation Libraries Algorithms The Topic Graph algorithms are an important tool to solve problems and

495 views • 25 slides
Plan for today 1st half NP-Complete Problems A sampling of some NP Complete Problems

Plan for today 1st half NP-Complete Problems A sampling of some NP Complete Problems

Plan for today 1st half NP-Complete Problems A sampling of some NP Complete Problems 2nd half Final review Course evaluations. The Church-Turing Thesis Lets Review (1936) The Turing Machine Any algorithmic

274 views • 9 slides
The b -branching problem in digraphs Naonori Kakimura Keio Univ, JPN Naoyuki Kamiyama Kyushu

The b -branching problem in digraphs Naonori Kakimura Keio Univ, JPN Naoyuki Kamiyama Kyushu

The b -branching problem in digraphs Naonori Kakimura Keio Univ, JPN Naoyuki Kamiyama Kyushu Univ & JST PRESTO, JPN Kenjiro Takazawa Hosei Univ, JPN 3 2 2 MFCS 2018 @ Liverpool, UK Aug. 27-31, 2018 2 2 Overview 2 Branching b

381 views • 19 slides
rt tr r Prr

rt tr r Prr

rt tr r Prr r rt Prs st s

1.15k views • 67 slides
MA111: Contemporary mathematics . Jack Schmidt University of Kentucky October 19, 2011

MA111: Contemporary mathematics . Jack Schmidt University of Kentucky October 19, 2011

. MA111: Contemporary mathematics . Jack Schmidt University of Kentucky October 19, 2011 Schedule: HW Ch 5 Part Two is due Today, Oct 19th. HW Ch 5 Part Three is due Mon, Oct 24th. Exam 3 is Monday, Oct 24th, during class. Exams not graded

494 views • 4 slides
Matching is in quasi-NC Jakub Tarnawski joint work with Ola Svensson June 10, 2017 1/10 Jakub

Matching is in quasi-NC Jakub Tarnawski joint work with Ola Svensson June 10, 2017 1/10 Jakub

Matching is in quasi-NC Jakub Tarnawski joint work with Ola Svensson June 10, 2017 1/10 Jakub Tarnawski Matching is in quasi-NC Perfect matching problem Basic question in computer science Decision problem: Does given graph contain a

329 views • 22 slides
Fonctions de Lyapunov pour les EDP: analyse de la stabilit e et des perturbations Christophe

Fonctions de Lyapunov pour les EDP: analyse de la stabilit e et des perturbations Christophe

Fonctions de Lyapunov pour les EDP: analyse de la stabilit e et des perturbations Christophe Prieur Gipsa-lab, CNRS, Grenoble GT- Contr ole et Probl` emes inverses, F evrier 2011 1/35 Christophe Prieur Gipsa-lab, CNRS, Grenoble GT

954 views • 78 slides

More recommend