Deterministic memory-efficient string matching algorithms for intrusion detection

Bibliographic details
Published in: 2004 IEEE Infocom Vol. 4; pp. 2628 - 2639 vol.4
Main authors: Tuck, N., Sherwood, T., Calder, B., Varghese, G.
Format: Conference paper
Language: English
Published: Piscataway, New Jersey IEEE 2004
ISBN:0780383559, 9780780383555
ISSN:0743-166X
Description
Summary: Intrusion detection systems (IDSs) have become widely recognized as powerful tools for identifying, deterring and deflecting malicious attacks over the network. Essential to almost every intrusion detection system is the ability to search through packets and identify content that matches known attacks. Space and time efficient string matching algorithms are therefore important for identifying these packets at line rate. We examine string matching algorithms and their use for intrusion detection, in particular, we focus our efforts on providing worst-case performance that is amenable to hardware implementation. We contribute modifications to the Aho-Corasick string-matching algorithm that drastically reduce the amount of memory required and improve its performance on hardware implementations. We also show that these modifications do not drastically affect software performance on commodity processors, and therefore may be worth considering in these cases as well.
DOI:10.1109/INFCOM.2004.1354682