Abstract
Security in cloud computing is getting more and more important recently. Besides passive defense such as encryption, it is necessary to implement real-time active monitoring, detection and defense in the cloud. According to the published researches, DPI (deep packet inspection) is the most effective technology to realize active inspection and defense. However, most recent works of DPI aim at space reduction but could not meet the demands of high speed and stability in the cloud. So, it is important to improve regular methods of DPI, making it more suitable for cloud computing. In this paper, an asynchronous parallel finite automaton named APFA is proposed, by introducing the asynchronous parallelization and the heuristically forecast mechanism, which significantly decreases the time consumed in matching while still keeps reducing the memory required. What is more, APFA is immune to the overlap** problem so that the stability is also enhanced. The evaluation results show that APFA achieves higher stability, better performance on time and memory. In short, APFA is more suitable for cloud computing.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Buyya, R.: Market-Oriented Cloud Computing: Vision, Hype, and Reality of Delivering Computing as the 5th Utility. In: 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (2009)
Vaquero, L.M., et al.: A Break in the Clouds: Towards a Cloud Definition. ACM SIGCOMM 39(1) (January 2009)
Leavitt, N.: Is cloud computing really ready for prime time? IEEE Computer Society, Los Alamitos (2009)
Armbrust, M., Fox, A., Griffith, R., et al.: Above the Clouds: A Berkeley View of Cloud Computing. University of California, Berkeley (2009)
Heiser, J., Nicolett, M.: Accessing the Security Risks of Cloud Computing. Gartner Inc., Stamford (2008)
Krautheim, F.J.: Private Virtual Infrastructure for Cloud Computing. University of Maryland, hotcloud (2009), http://usenix.org
Krautheim, F.J., Phatak, D.S.: LoBot: Locator Bot for Securing Cloud Computing Environments. In: ACM Cloud Computing Security Workshop, Chicago, IL (submitted 2009)
Snort: Lightweight Intrusion Detection for Networks, http://www.Snort.org/
Cisco Systems, http://www.cisco.com/
Kumar, S., et al.: Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection. In: ACM SIGCOMM 2006, Pisa, Italy (September 2006)
Kumar, S., et al.: Advanced Algorithms for Fast and Scalable Deep Packet Inspection. In: ACM ANCS 2006, San Jose, California, USA (December 2006)
Becchi, M., Crowley, P.: An improved algorithm to accelerate regular expression evaluation. In: Proc. of ANCS 2007, pp. 145–154 (2007)
Becchi, M., Cadambi, S.: Memory-efficient regular expression search using state merging. In: Proc. of INFOCOM 2007 (May 2007)
Kumar, S., et al.: Curing Regular Expressions Matching Algorithms from Insomnia, Amnesia, and Acalculia. In: ACM ANCS 2007, Orlando, Florida, USA (December 2007)
Smith, R., Estan, C., Jha, S., Kong, S.: Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata. In: ACM SIGCOMM 2008, Seattle, Washington, USA (August 2008)
Smith, R., Estan, C., Jha, S.: Xfa: Faster signature matching with extended automata. In: IEEE Symposium on Security and Privacy (May 2008)
Smith, R., Estan, C., Jha, S.: Xfas: Fast and compact signature matching. Technical report, University of Wisconsin, Madison (August 2007)
Becchi, M., Crowley, P.: A Hybrid Finite Automaton for Practical Deep Packet Inspection. In: ACM CoNEXT 2007, New York, NY, USA (December 2007)
Yu, F., Chen, Z., Diao, Y.: Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection. In: ACM ANCS 2006, San Jose, California, USA (December 2006)
Ficara, D., Giordano, S., Procissi, G., et al.: An Improved DFA for Fast Regular Expression Matching. ACM SIGCOMM Computer Communication Review 38(5), 29–40 (2008)
Becchi, M.: regex tool, http://regex.wustl.edu/
Internet traffic traces, http://cctf.shmoo.com/
Eatherton, W., Dittia, Z., Varghese, G.: Tree bitmap: Hardware/software ip lookups with incremental updates. ACM SIGCOMM Computer Communications Review 34 (2004)
Varghese, G.: Network Algorithmics: An Interdisciplinary Approach to Designing Fast Networked Devices. Morgan Kaufmann Publishers Inc., San Francisco (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, Y., Li, Z., Yu, N., Ma, K. (2009). APFA: Asynchronous Parallel Finite Automaton for Deep Packet Inspection in Cloud Computing. In: Jaatun, M.G., Zhao, G., Rong, C. (eds) Cloud Computing. CloudCom 2009. Lecture Notes in Computer Science, vol 5931. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10665-1_48
Download citation
DOI: https://doi.org/10.1007/978-3-642-10665-1_48
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10664-4
Online ISBN: 978-3-642-10665-1
eBook Packages: Computer ScienceComputer Science (R0)