Deterministic memory-efficient string matching algorithms for intrusion detection
Intrusion detection systems (IDSs) have become widely recognized as powerful tools for identifying, deterring and deflecting malicious attacks over the network. Essential to almost every intrusion detection system is the ability to search through packets and identify content that matches known attac...
Main authors: | Tuck, N., Sherwood, T., Calder, B., Varghese, G. |
---|---|
Format: | Conference proceedings |
Language: | eng |
Subjects: | |
Online access: | Order full text |

container_end_page | 2639 vol.4 |
---|---|
container_issue | |
container_start_page | 2628 |
container_title | |
container_volume | 4 |
creator | Tuck, N. ; Sherwood, T. ; Calder, B. ; Varghese, G. |
description | Intrusion detection systems (IDSs) have become widely recognized as powerful tools for identifying, deterring and deflecting malicious attacks over the network. Essential to almost every intrusion detection system is the ability to search through packets and identify content that matches known attacks. Space and time efficient string matching algorithms are therefore important for identifying these packets at line rate. We examine string matching algorithms and their use for intrusion detection, in particular, we focus our efforts on providing worst-case performance that is amenable to hardware implementation. We contribute modifications to the Aho-Corasick string-matching algorithm that drastically reduce the amount of memory required and improve its performance on hardware implementations. We also show that these modifications do not drastically affect software performance on commodity processors, and therefore may be worth considering in these cases as well. |
doi_str_mv | 10.1109/INFCOM.2004.1354682 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 0743-166X |
ispartof | IEEE INFOCOM 2004, 2004, Vol.4, p.2628-2639 vol.4 |
issn | 0743-166X 2641-9874 |
language | eng |
recordid | cdi_pascalfrancis_primary_19152688 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Applied sciences ; Computer crime ; Computer science ; Exact sciences and technology ; Hardware ; Internet ; Intrusion detection ; Power engineering and energy ; Protection ; Services and terminals of telecommunications ; Software performance ; Systems, networks and services of telecommunications ; Telecommunication traffic ; Telecommunications ; Telecommunications and information theory ; Telemetry. Remote supervision. Telewarning. Remote control ; Web server |
title | Deterministic memory-efficient string matching algorithms for intrusion detection |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-25T02%3A25%3A06IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-pascalfrancis_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Deterministic%20memory-efficient%20string%20matching%20algorithms%20for%20intrusion%20detection&rft.btitle=IEEE%20INFOCOM%202004&rft.au=Tuck,%20N.&rft.date=2004&rft.volume=4&rft.spage=2628&rft.epage=2639%20vol.4&rft.pages=2628-2639%20vol.4&rft.issn=0743-166X&rft.eissn=2641-9874&rft.isbn=0780383559&rft.isbn_list=9780780383555&rft_id=info:doi/10.1109/INFCOM.2004.1354682&rft_dat=%3Cpascalfrancis_6IE%3E19152688%3C/pascalfrancis_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1354682&rfr_iscdi=true |