EVALUATION OF REGULAR EXPRESSION MATCH ENGINES FOR DPI SYSTEM
Because of its superior expressive power and flexibility, regular expression is now widely used in intrusion detection system and deep packet inspection system to define various patterns of virus or attacks in network traffic12. Excellent regular expression engine used in DPI system must be fast, accuracy and less memory usage to match a large volume of data streams, especially in realtime network. In this paper, four open source regular expression match engines are introduced, include Henry Spencers regex library, PCRE, RE2, and TRE. An evaluation of the four libraries on expressive power, data structure, memory usage and performance is proposed. The evaluation is based on analysis of their source code and blackbox testing. Also a list of benchmarks is presented to do this evaluation. The results indicate that PCRE supports more features but has worse performance than other libraries, RE2 performs well on both time and memory usage but does not support backreferences. Both of them are more suitable for DPI system than TRE and Spencys library.
Regular expression match engine Realization analysis DPI system
Junying Zhang Qiaoyan Wen
State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications,Beijing 100876, China
国际会议
深圳
英文
370-374
2011-10-28(万方平台首次上网日期,不代表论文的发表时间)