A. N. Nepeivoda, Yu. A. Belikova, K. K. Shevchenko, M. R. Teriukha, D. P. Knyazihin, A. D. Delman, A. S. Terentyeva, “REDoS detection in “Domino” regular expressions by Ambiguity Analysis”, Proceedings of ISP RAS, 35:3 (2023), 109

Proceedings of the Institute for System Programming of the RAS

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Proceedings of the Institute for System Programming of the RAS, 2023, Volume 35, Issue 3, Pages 109–124
DOI: https://doi.org/10.15514/ISPRAS-2023-35(3)-8 (Mi tisp790)

REDoS detection in “Domino” regular expressions by Ambiguity Analysis

A. N. Nepeivoda^a, Yu. A. Belikova^b, K. K. Shevchenko^b, M. R. Teriukha^b, D. P. Knyazihin^b, A. D. Delman^b, A. S. Terentyeva^b

^a Ailamazyan Program Systems Institute of Russian Academy of Sciences
^b Bauman Moscow State Technical University

Full-text PDF (1340 kB)

DOI: https://doi.org/10.15514/ISPRAS-2023-35(3)-8

Abstract: The Regular Expression Denial of Service (REDoS) problem refers to a time explosion caused by the high computational complexity of matching a string against a regex pattern. This issue is prevalent in popular regex engines, such as Python, JavaScript, and C++. In this paper, we examine several existing open-source tools for detecting REDoS and identify a class of regexes that can create REDoS situations in popular regex engines but are not detected by these tools. To address this gap, we propose a new approach based on ambiguity analysis, which combines a strong star-normal form test with an analysis of the transformation monoids of Glushkov automata orbits. Our experiments demonstrate that our implementation outperforms the existing tools on regexes with polynomial matching complexity and complex subexpression overlap structures.

Keywords: regular expressions, ambiguity, REDoS, Glushkov automaton, transformation monoid, strong star-normal form

Funding agency	Grant number
Russian Academy of Sciences - Federal Agency for Scientific Organizations	122012700089-0
The first author was partially supported by Russian Academy of Sciences, research project No. 122012700089-0.

Document Type: Article

Language: English

Citation: A. N. Nepeivoda, Yu. A. Belikova, K. K. Shevchenko, M. R. Teriukha, D. P. Knyazihin, A. D. Delman, A. S. Terentyeva, “REDoS detection in “Domino” regular expressions by Ambiguity Analysis”, Proceedings of ISP RAS, 35:3 (2023), 109–124

Citation in format AMSBIB

\Bibitem{NepBelShe23}

\by A.~N.~Nepeivoda, Yu.~A.~Belikova, K.~K.~Shevchenko, M.~R.~Teriukha, D.~P.~Knyazihin, A.~D.~Delman, A.~S.~Terentyeva

\paper REDoS detection in “Domino” regular expressions by Ambiguity Analysis

\jour Proceedings of ISP RAS

\yr 2023

\vol 35

\issue 3

\pages 109--124

\mathnet{http://mi.mathnet.ru/tisp790}

\crossref{https://doi.org/10.15514/ISPRAS-2023-35(3)-8}

Linking options:

https://www.mathnet.ru/eng/tisp790

https://www.mathnet.ru/eng/tisp/v35/i3/p109

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Proceedings of the Institute for System Programming of the RAS

Statistics & downloads:
Abstract page:	44
Full-text PDF :	20

Что такое QR-код?

Registration to the website

Logotypes