State encoding for multi-pattern matching for network intrusion detection (cited by: 3)
Abstract: A state encoding scheme was developed to reduce the storage for the Deterministic Finite Automaton (DFA) in hardware-based Network Intrusion Detection Systems (NIDS). The scheme greatly reduces the number of transitions by re-encoding the DFA states so that multiple states can be represented by one wildcard number, and transitions with the same input and the same next state can be combined into one transition. Theoretical analyses prove that this state encoding scheme minimizes the number of transitions while maintaining the best worst-case DFA performance. Experiments on a mainstream NIDS rule set show that the state encoding scheme reduces the transitions by more than 98.9%.
Source: Journal of Tsinghua University (Science and Technology), indexed in EI, CAS, CSCD, and the Peking University Core Journals list, 2009, Issue 4, pp. 612-615 (4 pages)
Funding: National Natural Science Foundation of China (90604029, 60773150); National "863" High-Tech Program (2007AA01Z219)
Keywords: network intrusion detection system (NIDS); multi-pattern matching; state encoding; automaton (DFA)

