TY - GEN
T1 - A workload for evaluating deep packet inspection architectures
AU - Becchi, Michela
AU - Franklin, Mark
AU - Crowley, Patrick
PY - 2008
Y1 - 2008
N2 - High-speed content inspection of network traffic is an important new application area for programmable networking systems, and has recently led to several proposals for high-performance regular expression matching. At the same time, the number and complexity of the patterns present in well-known network intrusion detection systems has been rapidly increasing. This increase is important since both the practicality and the performance of specific pattern matching designs are strictly dependent upon characteristics of the underlying regular expression set. However, a commonly agreed upon workload for the evaluation of deep packet inspection architectures is still missing, leading to frequent unfair comparisons, and to designs lacking in generality or scalability. In this paper, we propose a workload for the evaluation of regular expression matching architectures. The workload includes a regular expression model and a traffic generator, with the former characterizing different levels of expressiveness within rule-sets and the latter characterizing varying degrees of malicious network activity. The proposed workload is used here to evaluate designs (e.g., different memory layouts and hardware organizations) where the matching algorithm is based on compressed deterministic and non deterministic finite automata (DFAs and NFAs).
AB - High-speed content inspection of network traffic is an important new application area for programmable networking systems, and has recently led to several proposals for high-performance regular expression matching. At the same time, the number and complexity of the patterns present in well-known network intrusion detection systems has been rapidly increasing. This increase is important since both the practicality and the performance of specific pattern matching designs are strictly dependent upon characteristics of the underlying regular expression set. However, a commonly agreed upon workload for the evaluation of deep packet inspection architectures is still missing, leading to frequent unfair comparisons, and to designs lacking in generality or scalability. In this paper, we propose a workload for the evaluation of regular expression matching architectures. The workload includes a regular expression model and a traffic generator, with the former characterizing different levels of expressiveness within rule-sets and the latter characterizing varying degrees of malicious network activity. The proposed workload is used here to evaluate designs (e.g., different memory layouts and hardware organizations) where the matching algorithm is based on compressed deterministic and non deterministic finite automata (DFAs and NFAs).
UR - http://www.scopus.com/inward/record.url?scp=56449093380&partnerID=8YFLogxK
U2 - 10.1109/IISWC.2008.4636093
DO - 10.1109/IISWC.2008.4636093
M3 - Conference contribution
AN - SCOPUS:56449093380
SN - 9781424427789
T3 - 2008 IEEE International Symposium on Workload Characterization, IISWC'08
SP - 79
EP - 89
BT - 2008 IEEE International Symposium on Workload Characterization, IISWC'08
T2 - 2008 IEEE International Symposium on Workload Characterization, IISWC'08
Y2 - 14 September 2008 through 16 September 2008
ER -