Approximate reduction of finite automata for high-speed network intrusion detection

Citations: 0
Authors
Milan Češka
Vojtěch Havlena
Lukáš Holík
Ondřej Lengál
Tomáš Vojnar
Affiliations
[1] Brno University of Technology,IT4Innovations Centre of Excellence, FIT
Keywords
Reduction; Nondeterministic finite automata; Deep packet inspection; High-speed network monitoring;
DOI
Not available
Chinese Library Classification number
Subject classification number
Abstract
We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes). We define an error distance of a reduced automaton from the original one as the probability of packets being incorrectly classified by the reduced automaton (wrt the probabilistic distribution of packets in the network traffic). We use this notion to design an approximate reduction procedure that achieves a great size reduction (much beyond the state-of-the-art language-preserving techniques) with a controlled and small error. We have implemented our approach and evaluated it on use cases from Snort, a popular NIDS. Our results provide experimental evidence that the method can be highly efficient in practice, allowing NIDSes to follow the rapid growth in the speed of networks.
Pages: 523 / 539
Page count: 16
Related papers
50 in total
  • [1] Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection
    Ceska, Milan
    Havlena, Vojtech
    Holik, Lukas
    Lengal, Ondrej
    Vojnar, Tomas
    [J]. TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS, TACAS 2018, PT II, 2018, 10806 : 155 - 175
  • [2] Approximate reduction of finite automata for high-speed network intrusion detection
    Ceska, Milan
    Havlena, Vojtech
    Holik, Lukas
    Lengal, Ondrej
    Vojnar, Tomas
    [J]. INTERNATIONAL JOURNAL ON SOFTWARE TOOLS FOR TECHNOLOGY TRANSFER, 2020, 22 (05) : 523 - 539
  • [3] StriFA: Stride Finite Automata for High-Speed Regular Expression Matching in Network Intrusion Detection Systems
    Wang, Xiaofei
    Xu, Yang
    Jiang, Junchen
    Ormond, Olga
    Liu, Bin
    Wang, Xiaojun
    [J]. IEEE SYSTEMS JOURNAL, 2013, 7 (03) : 374 - 384
  • [4] Intrusion detection system for high-speed network
    Yang, W
    Fang, BX
    Liu, B
    Zhang, HL
    [J]. COMPUTER COMMUNICATIONS, 2004, 27 (13) : 1288 - 1294
  • [5] High-speed string matching for network intrusion detection
    Soewito, Benfano
    Mahajan, Atul
    Weng, Ning
    Wang, Haibo
    [J]. INTERNATIONAL JOURNAL OF COMMUNICATION NETWORKS AND DISTRIBUTED SYSTEMS, 2009, 3 (04) : 319 - 339
  • [6] Study on high-speed network intrusion detection based on network processor
    Computer Network Key Lab., South China University of Technology, Guangzhou 510640, China
    Unknown
    [J]. Zhongshan Daxue Xuebao, 2006, SUPPL. (31-34):
  • [7] Study of High-Speed Processing for Network Intrusion Detection System
    Liu, Hui
    [J]. MATERIALS AND MANUFACTURING TECHNOLOGY, PTS 1 AND 2, 2010, 129-131 : 1410 - 1414
  • [8] Evaluating Network Intrusion Detection Systems for High-Speed Networks
    Hu, Qinwen
    Asghar, Muhammad Rizwan
    Brownlee, Nevil
    [J]. 2017 27TH INTERNATIONAL TELECOMMUNICATION NETWORKS AND APPLICATIONS CONFERENCE (ITNAC), 2017, : 402 - 407
  • [9] Intrusion detection technology research based high-speed network
    Bo, S
    Ming, Y
    Jie, L
    [J]. PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS AND TECHNOLOGIES, PDCAT'2003, PROCEEDINGS, 2003, : 206 - 210
  • [10] One Data Preprocessing Method in High-speed Network Intrusion Detection
    Li, Kunlun
    Zhang, Zhenxing
    Liu, Ming
    [J]. ICWMMN 2010, PROCEEDINGS, 2010, : 60 - 63