Towards adaptive character frequency-based exclusive signature matching scheme and its applications in distributed intrusion detection

Authors: Yuxin Meng, Wenjuan Li, Lam For Kwok

DOI: 10.1016/J.COMNET.2013.08.009


Abstract: Network intrusion detection systems (NIDSs), especially signature-based NIDSs, are being widely deployed in distributed network environments with the purpose of defending against a variety of attacks. However, signature matching is a key limiting factor that lowers the performance of a signature-based NIDS in a large-scale network environment, since its cost is at least linear in the size of an input string. The overhead packets can greatly reduce the effectiveness of such systems and heavily consume computer resources. To mitigate this issue, a more efficient signature matching algorithm is desirable. In this paper, we therefore develop an adaptive character frequency-based exclusive signature matching scheme (named ACF-EX) that can improve the signature matching process for a signature-based NIDS. In the experiment, we implemented ACF-EX and evaluated it by comparing it with Snort. In addition, we further apply the scheme to constructing a packet filter that filters out network packets by conducting exclusive signature matching for a signature-based NIDS, which avoids implementation issues and improves the flexibility of the scheme. The experimental results demonstrate that the proposed scheme can positively reduce the time consumption of signature matching and that our scheme is promising in reducing the burden
