
Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection (Technical Report) [article]

Milan Ceska and Vojtech Havlena and Lukas Holik and Ondrej Lengal and Tomas Vojnar
2018 arXiv   pre-print
We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes).  ...  Our results provide experimental evidence that the method can be highly efficient in practice, allowing NIDSes to follow the rapid growth in the speed of networks.  ...  Reduction of NFAs in Network Intrusion Detection Systems We have implemented our approach in a Python prototype named APPREAL (APProximate REduction of Automata and Languages) and evaluated it on the  ... 
arXiv:1710.08647v3 fatcat:4aqakfcq25a3naojaupb4d74b4

Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection [chapter]

Milan Češka, Vojtěch Havlena, Lukáš Holík, Ondřej Lengál, Tomáš Vojnar
2018 Lecture Notes in Computer Science  
We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes).  ...  The reductions they offer, however, do not satisfy the needs of high-speed hardware-accelerated NIDSes.  ...  Reduction of NFAs in Network Intrusion Detection Systems We have implemented our approach in a Python prototype named APPREAL (APProximate REduction of Automata and Languages) and evaluated it on the  ... 
doi:10.1007/978-3-319-89963-3_9 fatcat:syyj7hxlgvhfpe2d4uscmeb6ti

FSM Circuits Design for Approximate String Matching in Hardware Based Network Intrusion Detection Systems

Dejan Georgiev, Aristotel Tentov
2013 International Journal of Information Technology and Computer Science  
As network speed increases the software based network intrusion detection and prevention systems (NIDPS) are lagging behind requirements in throughput of so called deep package inspection - the most exhaustive  ...  In this paper we present a logical circuits design for approximate content matching implemented as finite state machines (FSM).  ...  Thus the overall reduction of states is given by  ... 
doi:10.5815/ijitcs.2014.01.08 fatcat:v6qexk6lfjdzjdhbml67lvzfzy

Efficient String Matching Using Deterministic Finite Automation Hardware: Speed vs Area Tradeoff

Aakanksha Pandey, Nilay Khare
2012 International Journal of Computer Applications  
Pattern matching is a crucial task in several critical network services such as intrusion detection and matching of the IP address during packet forwarding by the router.  ...  The comparison of area and speed is presented. This area optimized architecture of DFA is simulated and synthesized using VHDL on the Xilinx ISE 12.4.  ...  Intrusion Detection System continuously monitors the network traffic for suspicious pattern and informs the administrator to take proper action. String matching is the heart of IDS.  ... 
doi:10.5120/6366-8750 fatcat:7p3dj6rusjbatmsoewwksetw5m

Multi-Character Processor Array for Pattern Matching in Network Intrusion Detection System

Yeim-Kuan Chang, Ming-Li Tsai, Yu-Ru Chung
2008 22nd International Conference on Advanced Information Networking and Applications (aina 2008)  
Network Intrusion Detection System (NIDS) is a system developed for identifying attacks by using a set of rules. NIDS is an efficient way to provide the security protection for today's internet.  ...  Traditional software-based NIDS solutions usually can not achieve a high-speed required for ever growing Internet attacks.  ...  Table 3 shows that the computation reduction rate will decrease as n increases. V. CONCLUSION In this paper, we proposed an effective pattern matching approach for high-speed network.  ... 
doi:10.1109/aina.2008.119 dblp:conf/aina/ChangTC08 fatcat:dezeri5jerex3dery2a66cb3ie

Research on Network Intrusion Detection Method based on Regular Expression Matching

Yi Wang
2016 International Journal of Security and Its Applications  
increases with the increase of the number of rules, and its matching speed can meet the requirements of the detection of gigabit network traffic.  ...  Based on regular expression, this paper studies the method of network intrusion detection, and proposes an improved grouping algorithm (IGA) to improve Yu algorithm based on the concept of expansion coefficient  ...  The application of regular expression engine based on DFA can greatly improve the speed of intrusion detection, which can meet the performance requirements of gigabit network.  ... 
doi:10.14257/ijsia.2016.10.7.16 fatcat:u2ai6zjbvzecdlhxkaiy47snl4

Deep Packet Inspection in FPGAs via Approximate Nondeterministic Automata [article]

Milan Češka, Vojtěch Havlena, Lukáš Holík, Jan Kořenek, Ondřej Lengál, Denis Matoušek, Jiří Matoušek, Jakub Semrič, Tomáš Vojnar
2019 arXiv   pre-print
Monitoring high-speed computer networks (100 Gbps and faster) in a single-box solution demands that the RE matching, traditionally based on finite automata (FAs), is accelerated in hardware.  ...  To obtain the reduced NFAs, we propose new approximate reduction techniques that take into account the profile of the network traffic.  ...  Acknowledgement: We thank Vlastimil Košař for his comments on an earlier draft of the paper and Martin Žádník for providing us with the backbone network traffic.  ... 
arXiv:1904.10786v1 fatcat:otduseowivd4nfiiaqbgbeeghi

2018 Index IEEE Computer Architecture Letters Vol. 17

2019 IEEE computer architecture letters  
-June 2018 33-36 Computer networks CMA: A Reconfigurable Complex Matching Accelerator for Wire-Speed Network Intrusion Detection. Zha, Y., +, LCA Jan.  ...  ., +, LCA July-Dec. 2018 155-158 Computer network security CMA: A Reconfigurable Complex Matching Accelerator for Wire-Speed Network Intrusion Detection. Zha, Y., +, LCA Jan.  ... 
doi:10.1109/lca.2019.2901240 fatcat:ofxkmrips5ezte6rljageeen34

Logical Circuits for Extended Content Matching in Hardware Based NIDPS

Dejan Georgiev, Aristotel Tentov
2008 INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY  
As network speed increases and security matters there is a demand for implementation of hardware based Network Intrusion Detection and Prevention Systems (NIDPS).  ...  In this paper we present logical circuits for efficient detection of rolled out contents.  ...  Recalling the theory regular language can be recognized by deterministic finite state automata (DFA) or non-deterministic finite state automata (NFA).  ... 
doi:10.24297/ijct.v7i3.3448 fatcat:gfs5jf46efhtxi6qkzlwjxmreu

Based on Regular Expression Matching of Evaluation of the Task Performance in WSN: A Queue Theory Approach

Jie Wang, Kai Cui, Kuanjiu Zhou, Yanshuo Yu
2014 The Scientific World Journal  
to determine the parameters of task scheduling in wireless sensor networks.  ...  Finally, based on the queuing model, the sensor networks of task scheduling dynamic performance are evaluated.  ...  Acknowledgments This research is supported by the National Natural Science Funds of China (no. 61472100 and no. 61402078) and the Fundamental Research Funds for the Central Universities (no.  ... 
doi:10.1155/2014/654974 pmid:25401151 pmcid:PMC4226180 fatcat:l7e5d52navexlintusuzdyuwpu

Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns [chapter]

Christopher R. Clark, David E. Schimmel
2003 Lecture Notes in Computer Science  
This paper presents techniques for designing pattern matching circuits for complex regular expressions, such as those found in network intrusion detection patterns.  ...  In order to achieve maximum pattern capacity and throughput, the design focuses on minimizing circuit area while maintaining high clock speed.  ...  Our ongoing research indicates that speeds of 10 Gb/s and beyond are feasible with our approach.  ... 
doi:10.1007/978-3-540-45234-8_94 fatcat:2owdrhmhdrgvxcychfipw62ony

Selective Regular Expression Matching [chapter]

Natalia Stakhanova, Hanli Ren, Ali A. Ghorbani
2011 Lecture Notes in Computer Science  
The signature-based intrusion detection is one of the most commonly used techniques implemented in modern intrusion detection systems (IDS).  ...  Our experimental results on the DARPA data set and a live network traffic show that our method leads on average to 18%-34% improvement over a commonly used finite automata-based matching approach.  ...  Given a regex representing an intrusion detection signature, an IDS decides whether an incoming event (e.g., network packet payload) matches a regex.  ... 
doi:10.1007/978-3-642-18178-8_20 fatcat:ywazvwihvbbxtjpcrqczcbkyzm

NFA Based Regular Expression Matching on FPGA

Kamil Sert, Cuneyt F. Bazlamacci
2021 2021 International Conference on Computer, Information and Telecommunication Systems (CITS)  
In this work, we are interested in solving regular expression and hence string matching problem targeting especially the network intrusion detection systems (NIDS) field.  ...  Among these, studies exist that presents nondeterministic finite automata (NFA) based architectures and their novel mappings onto FPGA.  ...  Bazlamaçcı for giving me the honor of working with him. Without his constant support and guidance, it would be impossible to perform this work.  ... 
doi:10.1109/cits52676.2021.9618426 fatcat:dlppa5bfszhvzjm3zsv2lcty7m

Network anomaly detection with incomplete audit data

Animesh Patcha, Jung-Min Park
2007 Computer Networks  
To address the threats posed by network-based denial-of-service attacks in high speed networks, SCAN consists of two modules: an anomaly detection module that is at the core of the design and an adaptive  ...  With the ever increasing deployment and usage of gigabit networks, traditional network anomaly detection based Intrusion Detection Systems (IDS) have not scaled accordingly.  ...  Their approach is to build an intrusion detection system using Non-Deterministic Finite Automata (NFA).  ... 
doi:10.1016/j.comnet.2007.04.017 fatcat:nyqjvrscj5g23kxlzsdj2ia54a

A high-performance network intrusion detection system

R. Sekar, Y. Guang, S. Verma, T. Shanbhag
1999 Proceedings of the 6th ACM conference on Computer and communications security - CCS '99  
Our specification language is geared for a robust network intrusion detection by enforcing a strict type discipline via a combination of static and dynamic type checking.  ...  In this paper we present a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences.  ...  The high performance also enables us to perform network intrusion detection without packet drops on high speed networks - sustaining detection at gigabit rates appears quite feasible.  ... 
doi:10.1145/319709.319712 dblp:conf/ccs/SekarGVS99 fatcat:jrkh3x3ch5arrnxzihbkhmaf6u
Showing results 1 — 15 out of 463 results