Accelerating regular expression matching over compressed HTTP

Michela Becchi; Anat Bremler-Barr; David Hay; Omer Kochba; Yaron Koral

doi:10.1109/INFOCOM.2015.7218421

Accelerating regular expression matching over compressed HTTP

Michela Becchi, Anat Bremler-Barr, David Hay, Omer Kochba, Yaron Koral

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

This paper focuses on regular expression matching over compressed traffic. The need for such matching arises from two independent trends. First, the volume and share of compressed HTTP traffic is constantly increasing. Second, due to their superior expressibility, current Deep Packet Inspection engines use regular expressions more and more frequently. We present an algorithmic framework to accelerate such matching, taking advantage of information gathered when the traffic was initially compressed. HTTP compression is typically performed through the GZIP protocol, which uses back-references to repeated strings. Our algorithm is based on calculating (for every byte) the minimum number of (previous) bytes that can be part of a future regular expression matching. When inspecting a back-reference, only these bytes should be taken into account, thus enabling one to skip repeated strings almost entirely without missing a match. We show that our generic framework works with either NFA-based or DFA-based implementations and gains performance boosts of more than 70%. Moreover, it can be readily adapted to most existing regular expression matching algorithms, which usually are based either on NFA, DFA or combinations of the two. Finally, we discuss other applications in which calculating the number of relevant bytes becomes handy, even when the traffic is not compressed.

Original language	American English
Title of host publication	2015 IEEE Conference on Computer Communications, IEEE INFOCOM 2015
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	540-548
Number of pages	9
ISBN (Electronic)	9781479983810
DOIs	https://doi.org/10.1109/INFOCOM.2015.7218421
State	Published - 21 Aug 2015
Event	34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015 - Hong Kong, Hong Kong Duration: 26 Apr 2015 → 1 May 2015

Publication series

Name	Proceedings - IEEE INFOCOM
Volume	26
ISSN (Print)	0743-166X

Conference

Conference	34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015
Country/Territory	Hong Kong
City	Hong Kong
Period	26/04/15 → 1/05/15

Bibliographical note

Publisher Copyright:
© 2015 IEEE.

Access to Document

10.1109/INFOCOM.2015.7218421

Cite this

Becchi, M., Bremler-Barr, A., Hay, D., Kochba, O., & Koral, Y. (2015). Accelerating regular expression matching over compressed HTTP. In 2015 IEEE Conference on Computer Communications, IEEE INFOCOM 2015 (pp. 540-548). Article 7218421 (Proceedings - IEEE INFOCOM; Vol. 26). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/INFOCOM.2015.7218421

@inproceedings{bf8b6d6073f3400b8624aec545168933,

title = "Accelerating regular expression matching over compressed HTTP",

abstract = "This paper focuses on regular expression matching over compressed traffic. The need for such matching arises from two independent trends. First, the volume and share of compressed HTTP traffic is constantly increasing. Second, due to their superior expressibility, current Deep Packet Inspection engines use regular expressions more and more frequently. We present an algorithmic framework to accelerate such matching, taking advantage of information gathered when the traffic was initially compressed. HTTP compression is typically performed through the GZIP protocol, which uses back-references to repeated strings. Our algorithm is based on calculating (for every byte) the minimum number of (previous) bytes that can be part of a future regular expression matching. When inspecting a back-reference, only these bytes should be taken into account, thus enabling one to skip repeated strings almost entirely without missing a match. We show that our generic framework works with either NFA-based or DFA-based implementations and gains performance boosts of more than 70%. Moreover, it can be readily adapted to most existing regular expression matching algorithms, which usually are based either on NFA, DFA or combinations of the two. Finally, we discuss other applications in which calculating the number of relevant bytes becomes handy, even when the traffic is not compressed.",

author = "Michela Becchi and Anat Bremler-Barr and David Hay and Omer Kochba and Yaron Koral",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015 ; Conference date: 26-04-2015 Through 01-05-2015",

year = "2015",

month = aug,

day = "21",

doi = "10.1109/INFOCOM.2015.7218421",

language = "American English",

series = "Proceedings - IEEE INFOCOM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "540--548",

booktitle = "2015 IEEE Conference on Computer Communications, IEEE INFOCOM 2015",

address = "United States",

}

Becchi, M, Bremler-Barr, A, Hay, D, Kochba, O & Koral, Y 2015, Accelerating regular expression matching over compressed HTTP. in 2015 IEEE Conference on Computer Communications, IEEE INFOCOM 2015., 7218421, Proceedings - IEEE INFOCOM, vol. 26, Institute of Electrical and Electronics Engineers Inc., pp. 540-548, 34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015, Hong Kong, Hong Kong, 26/04/15. https://doi.org/10.1109/INFOCOM.2015.7218421

Accelerating regular expression matching over compressed HTTP. / Becchi, Michela; Bremler-Barr, Anat; Hay, David et al.
2015 IEEE Conference on Computer Communications, IEEE INFOCOM 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 540-548 7218421 (Proceedings - IEEE INFOCOM; Vol. 26).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Accelerating regular expression matching over compressed HTTP

AU - Becchi, Michela

AU - Bremler-Barr, Anat

AU - Hay, David

AU - Kochba, Omer

AU - Koral, Yaron

PY - 2015/8/21

Y1 - 2015/8/21

N2 - This paper focuses on regular expression matching over compressed traffic. The need for such matching arises from two independent trends. First, the volume and share of compressed HTTP traffic is constantly increasing. Second, due to their superior expressibility, current Deep Packet Inspection engines use regular expressions more and more frequently. We present an algorithmic framework to accelerate such matching, taking advantage of information gathered when the traffic was initially compressed. HTTP compression is typically performed through the GZIP protocol, which uses back-references to repeated strings. Our algorithm is based on calculating (for every byte) the minimum number of (previous) bytes that can be part of a future regular expression matching. When inspecting a back-reference, only these bytes should be taken into account, thus enabling one to skip repeated strings almost entirely without missing a match. We show that our generic framework works with either NFA-based or DFA-based implementations and gains performance boosts of more than 70%. Moreover, it can be readily adapted to most existing regular expression matching algorithms, which usually are based either on NFA, DFA or combinations of the two. Finally, we discuss other applications in which calculating the number of relevant bytes becomes handy, even when the traffic is not compressed.

AB - This paper focuses on regular expression matching over compressed traffic. The need for such matching arises from two independent trends. First, the volume and share of compressed HTTP traffic is constantly increasing. Second, due to their superior expressibility, current Deep Packet Inspection engines use regular expressions more and more frequently. We present an algorithmic framework to accelerate such matching, taking advantage of information gathered when the traffic was initially compressed. HTTP compression is typically performed through the GZIP protocol, which uses back-references to repeated strings. Our algorithm is based on calculating (for every byte) the minimum number of (previous) bytes that can be part of a future regular expression matching. When inspecting a back-reference, only these bytes should be taken into account, thus enabling one to skip repeated strings almost entirely without missing a match. We show that our generic framework works with either NFA-based or DFA-based implementations and gains performance boosts of more than 70%. Moreover, it can be readily adapted to most existing regular expression matching algorithms, which usually are based either on NFA, DFA or combinations of the two. Finally, we discuss other applications in which calculating the number of relevant bytes becomes handy, even when the traffic is not compressed.

UR - http://www.scopus.com/inward/record.url?scp=84954231035&partnerID=8YFLogxK

U2 - 10.1109/INFOCOM.2015.7218421

DO - 10.1109/INFOCOM.2015.7218421

M3 - Conference contribution

AN - SCOPUS:84954231035

T3 - Proceedings - IEEE INFOCOM

SP - 540

EP - 548

BT - 2015 IEEE Conference on Computer Communications, IEEE INFOCOM 2015

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015

Y2 - 26 April 2015 through 1 May 2015

ER -

Accelerating regular expression matching over compressed HTTP

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this