@inproceedings{216b1c853a4a4f648193478a9495c085,
title = "A hybrid finite automaton for practical deep packet inspection",
abstract = "Deterministic finite automata (DFAs) are widely used to perform regular expression matching in linear time. Several techniques have been proposed to compress DFAs in order to reduce memory requirements. Unfortunately, many realworld IDS regular expressions include complex terms that result in an exponential increase in number of DFA states. Since all recent proposals use an initial DFA as a startingpoint, they cannot be used as comprehensive regular expression representations in an IDS. In this work we propose a hybrid automaton which addresses this issue by combining the benefits of deterministic and non-deterministic finite automata. We test our proposal on Snort rule-sets and we validate it on real traffic traces. Finally, we address and analyze the worst case behavior of our scheme and compare it to traditional ones.",
keywords = "Deep packet inspection, DFA, NFA, Regular expressions",
author = "Michela Becchi and Patrick Crowley",
year = "2007",
doi = "10.1145/1364654.1364656",
language = "English",
isbn = "9781595937704",
series = "Proceedings of 2007 ACM CoNEXT Conference - 3rd International Conference on Emerging Networking EXperiments and Technologies, CoNEXT",
booktitle = "Proceedings of 2007 ACM CoNEXT Conference - 3rd International Conference on Emerging Networking EXperiments and Technologies, CoNEXT",
note = "2007 ACM CoNEXT Conference - 3rd International Conference on Emerging Networking EXperiments and Technologies, CoNEXT ; Conference date: 10-12-2007 Through 13-12-2007",
}