High Impact Factor : 4.396 icon | Submit Manuscript Online icon |

A Survey on DPI Techniques for Regular Expression Detection in Network Intrusion Detection System

Author(s):

Girish M. Wandhare , S.K.N.C.O.E. Pune; Satish N. Gujar, S.K.N.C.O.E. Pune; V. M. Thakare, S.G.B. Amravati University, Amravati

Keywords:

Deep Packet Inspection(DPI), Regular Expression(RegEx), Deterministic Finite Automata(DFA), LaFA, StriFA, CompactDFA, Tcam, DFA/EC, Snort, Bro

Abstract

Deep Packet Inspection (DPI) is becoming more widely used in virtually all applications or services like Intrusion Detection System (IDS), which operate with or within a network. DPI analyzes all data present in the packet as it passes an inspection to determine the application transported and protocol. Deep packet inspection typically uses regular expression matching as a core operator. Regular expressions (RegExes) are used to flexibly represent complex string patterns in many applications ranging from network intrusion detection and prevention systems (NIDPSs). Regular expressions represent complex string pattern as attack signatures in DPI. It examine whether a packet’s payload matches any of a set of predefined regular expressions. There are various techniques developed in DPI for deep packet inspection for regular expression. We survey on these techniques for further improvement in regular expression detection in this paper. In the result we found that it is possible to reduce RegEx transaction memory required in network intrusion detection. We made this survey with possible use of DPI techniques in the wireless network.

Other Details

Paper ID: IJSRDV2I9181
Published in: Volume : 2, Issue : 9
Publication Date: 01/12/2014
Page(s): 270-278

Article Preview

Download Article