Skip to main content
SpringerLink
Log in
Book cover

IEEE International Conference on Cloud Computing

CloudCom 2009: Cloud Computing pp 529–540Cite as

APFA: Asynchronous Parallel Finite Automaton for Deep Packet Inspection in Cloud Computing

  • Conference paper

  • 15k Accesses

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 5931))

Abstract

Security in cloud computing is getting more and more important recently. Besides passive defense such as encryption, it is necessary to implement real-time active monitoring, detection and defense in the cloud. According to the published researches, DPI (deep packet inspection) is the most effective technology to realize active inspection and defense. However, most recent works of DPI aim at space reduction but could not meet the demands of high speed and stability in the cloud. So, it is important to improve regular methods of DPI, making it more suitable for cloud computing. In this paper, an asynchronous parallel finite automaton named APFA is proposed, by introducing the asynchronous parallelization and the heuristically forecast mechanism, which significantly decreases the time consumed in matching while still keeps reducing the memory required. What is more, APFA is immune to the overlapping problem so that the stability is also enhanced. The evaluation results show that APFA achieves higher stability, better performance on time and memory. In short, APFA is more suitable for cloud computing.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Buyya, R.: Market-Oriented Cloud Computing: Vision, Hype, and Reality of Delivering Computing as the 5th Utility. In: 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (2009)

    Google Scholar 

  2. Vaquero, L.M., et al.: A Break in the Clouds: Towards a Cloud Definition. ACM SIGCOMM 39(1) (January 2009)

    Google Scholar 

  3. Leavitt, N.: Is cloud computing really ready for prime time? IEEE Computer Society, Los Alamitos (2009)

    Google Scholar 

  4. Armbrust, M., Fox, A., Griffith, R., et al.: Above the Clouds: A Berkeley View of Cloud Computing. University of California, Berkeley (2009)

    Google Scholar 

  5. Heiser, J., Nicolett, M.: Accessing the Security Risks of Cloud Computing. Gartner Inc., Stamford (2008)

    Google Scholar 

  6. Krautheim, F.J.: Private Virtual Infrastructure for Cloud Computing. University of Maryland, hotcloud (2009), http://usenix.org

  7. Krautheim, F.J., Phatak, D.S.: LoBot: Locator Bot for Securing Cloud Computing Environments. In: ACM Cloud Computing Security Workshop, Chicago, IL (submitted 2009)

    Google Scholar 

  8. Snort: Lightweight Intrusion Detection for Networks, http://www.Snort.org/

  9. Bro, http://www.bro-ids.org/

  10. Cisco Systems, http://www.cisco.com/

  11. Kumar, S., et al.: Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection. In: ACM SIGCOMM 2006, Pisa, Italy (September 2006)

    Google Scholar 

  12. Kumar, S., et al.: Advanced Algorithms for Fast and Scalable Deep Packet Inspection. In: ACM ANCS 2006, San Jose, California, USA (December 2006)

    Google Scholar 

  13. Becchi, M., Crowley, P.: An improved algorithm to accelerate regular expression evaluation. In: Proc. of ANCS 2007, pp. 145–154 (2007)

    Google Scholar 

  14. Becchi, M., Cadambi, S.: Memory-efficient regular expression search using state merging. In: Proc. of INFOCOM 2007 (May 2007)

    Google Scholar 

  15. Kumar, S., et al.: Curing Regular Expressions Matching Algorithms from Insomnia, Amnesia, and Acalculia. In: ACM ANCS 2007, Orlando, Florida, USA (December 2007)

    Google Scholar 

  16. Smith, R., Estan, C., Jha, S., Kong, S.: Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata. In: ACM SIGCOMM 2008, Seattle, Washington, USA (August 2008)

    Google Scholar 

  17. Smith, R., Estan, C., Jha, S.: Xfa: Faster signature matching with extended automata. In: IEEE Symposium on Security and Privacy (May 2008)

    Google Scholar 

  18. Smith, R., Estan, C., Jha, S.: Xfas: Fast and compact signature matching. Technical report, University of Wisconsin, Madison (August 2007)

    Google Scholar 

  19. Becchi, M., Crowley, P.: A Hybrid Finite Automaton for Practical Deep Packet Inspection. In: ACM CoNEXT 2007, New York, NY, USA (December 2007)

    Google Scholar 

  20. Yu, F., Chen, Z., Diao, Y.: Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection. In: ACM ANCS 2006, San Jose, California, USA (December 2006)

    Google Scholar 

  21. Ficara, D., Giordano, S., Procissi, G., et al.: An Improved DFA for Fast Regular Expression Matching. ACM SIGCOMM Computer Communication Review 38(5), 29–40 (2008)

    Article  Google Scholar 

  22. Becchi, M.: regex tool, http://regex.wustl.edu/

  23. Internet traffic traces, http://cctf.shmoo.com/

  24. Eatherton, W., Dittia, Z., Varghese, G.: Tree bitmap: Hardware/software ip lookups with incremental updates. ACM SIGCOMM Computer Communications Review 34 (2004)

    Google Scholar 

  25. Varghese, G.: Network Algorithmics: An Interdisciplinary Approach to Designing Fast Networked Devices. Morgan Kaufmann Publishers Inc., San Francisco (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. MOE-Microsoft Key Laboratory of Multimedia Computing and Communication, University of Science and Technology of China,  

    Yang Li, Zheng Li, Nenghai Yu & Ke Ma

Authors
  1. Yang Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zheng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nenghai Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ke Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. SINTEF ICT, NO-7465, Trondheim, Norway

    Martin Gilje Jaatun

  2. School of Computer Science, South China Normal University, Guangzhou, China

    Gansen Zhao

  3. Department of Electrical Engineering and Computer Science, University of Stavanger, NO- 4036, Stavanger, Norway

    Chunming Rong

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, Y., Li, Z., Yu, N., Ma, K. (2009). APFA: Asynchronous Parallel Finite Automaton for Deep Packet Inspection in Cloud Computing. In: Jaatun, M.G., Zhao, G., Rong, C. (eds) Cloud Computing. CloudCom 2009. Lecture Notes in Computer Science, vol 5931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10665-1_48

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10665-1_48

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10664-4

  • Online ISBN: 978-3-642-10665-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation