An Improved Algorithm Of The Regular Expression Based On DPI System

With the development of technology and the popularity of the network, making theInternet in terms of people’s work or in life plays a very important role, such as Taobao, thecompany copywriting processing and preservation of personal data are inseparable from theInternet. However, just like a double-edged sword, the security issue of Internet has become aresearch direction that can not be ignored. How to prevent the disclosure of information andconfidential documents has become a research content of the imminent. Therefore, taking theadvantage of DPI (deep packet inspection) technology to solve the security issue of internet isan effective way and has been adopted widely. However, on the basis of study and analysis ofthe existed methods, there are some deficiencies of the current DPI matching algorithmic arefound, including:(1) If the DPI matching algorithm uses pattern matching algorithms, whennetwork traffic is complex and varied forms, the pattern matching algorithm stays in a state ofmatching speed-slow and single-matching senescence. This will not meet today’s increasinglycomplex network traffic.(2) If the DPI matching algorithm uses regular expressionsalgorithms, the inadequacies of the current regular expression algorithm is that it consumesexcessive memory and occupies tremendous system resources in the transformation process ofautomatic machine. Aiming at solve the above problems, this paper presents an improvedregular expression algorithm based on the DPI system. Details are as follows:Firstly, research and study on the work principle of DPI method, identify and block avariety of application protocols on the network by building DPI system model. it proves thatDPI detection system can greatly improve the ability of the network to prevent informationleaks in actual applications. It can be effectively applied to identify and monitor a variety ofnetwork, and has a wide range of applications on network security, such as anti-virus,intrusion prevention, URL filtering, content filtering, file filtering, application controlbehavior and mail filtering and so on.Secondly, the most important part of DPI detection methods is the recognition algorithmused in network flow matching engine. This paper concludes the deficiencies of previousalgorithm by analyzing and comparing the pattern matching algorithm and regular expressionsalgorithm, proposes an improved regular expressions algorithm based on DPI system:guess-group-test algorithm. This algorithm firstly searches the feature sub-block with highprobability of occurrence, then group the feature sub-blocks, and take DFA conversion, andthen guess and match the entered network traffic, if the flow finishes the DFAmatching, then use NFAfor complete verification.Finally, verify the correctness and validity of the guess-group-test algorithm byexperiments and compare with the Hybrid-FA algorithm and guess-test algorithm.Experiments result shows that the algorithm in this paper can effectively reduce the DFAstate machine transformation, and reduce memory usage and resource utilization, and it hassuperiority in network streaming protocol recognition.