关键词: 正则匹配, 深度包监测, AC算法

Abstract:

With the diversification of network applications, various kinds of network traffics are increasingly complex and diversified, and a number of serious accidents occur frequently. The non-uniform distribution of network traffics and the complexity of the internet security situation make the management and maintenance of the internet urgent, which make the monitoring of the network traffic to be an important issue. The traffic identification, a technology which can provide automatic and real-time protection for the network monitoring , becomes a necessary supplement to static security devices such as firewall and gains more and more attentions. As the main measure to traffic identification, DPI technology is more popular because of its accurateness. However, the method that only uses software to perform the system inspection is of low speed, which can not meet the requirement of throughput that the high-speed packet process needs. The method that only uses hardware identification knowledge base would occupy big memory, which the hardware memory can’t meet in general .In this paper , a method based on regular expression and the combination of hardware and software is proposed. The concept of this approach includes two aspects: one is that the hardware recognizes the common internet protocols , the other is that the software recognizes the complicated internet protocols. In addition, both of them can support the regular expression. This approach bears the advantages of the software and the hardware. Comparing with the traditional realization with software, it achieves remarkable improvement in the efficiency of recognition.

Key words: regular matching, DPI, AC algorithm