skip to main content
10.1145/2414456.2414494acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
research-article

ClusterFA: a memory-efficient DFA structure for network intrusion detection

Published: 02 May 2012 Publication History

Abstract

Network intrusion detection systems (NIDS) plays an increasing important role in the field of network security. Current NIDS, such as Bro and Snort, mainly use signatures to represent and detect networking attacks. Traditionally the signatures are depicted by exact string patterns. However, new worms and viruses emerge endlessly in recent years. As a result, the scale of signatures increases sharply. Compared with exact strings, regular expressions have more powerful expressiveness, and are replacing exact strings gradually in state-of-the-art NIDS.

References

[1]
M. Becchi. regex tool. http://regex.wustl.edu.
[2]
W.-Y. Chen, Y. Song, H. Bai, C.-J. Lin, and E. Y. Chang. Parallel spectral clustering in distributed systems. IEEE Transactions on Pattern Analysis and Machine Intelligence, 33(3): 568--586, 2011.
[3]
D. Defays. An efficient algorithm for a complete link method. The Computer Journal, 20(4): 364, 1977.
[4]
D. Ficara, S. Giordano, G. Procissi, F. Vitucci, G. Antichi, and A. Di Pietro. An improved dfa for fast regular expression matching. ACM SIGCOMM Computer Communication Review, 38(5): 29--40, 2008.
[5]
S. Kumar, S. Dharmapurikar, F. Yu, P. Crowley, and J. Turner. Algorithms to accelerate multiple regular expressions matching for deep packet inspection. ACM SIGCOMM Computer Communication Review, 36(4): 339--350, 2006.
[6]
J. MacQueen et al. Some methods for classification and analysis of multivariate observations. In Proceedings of the fifth Berkeley symposium on mathematical statistics and probability, volume 1, page 14. California, USA, 1967.

Cited By

View all
  • (2016)OnTac: Online task assignment for crowdsourcing2016 IEEE International Conference on Communications (ICC)10.1109/ICC.2016.7511256(1-6)Online publication date: May-2016
  • (2016)PiDFA: A practical multi-stride regular expression matching engine based On FPGA2016 IEEE International Conference on Communications (ICC)10.1109/ICC.2016.7511199(1-7)Online publication date: May-2016

Index Terms

  1. ClusterFA: a memory-efficient DFA structure for network intrusion detection

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
      May 2012
      119 pages
      ISBN:9781450316484
      DOI:10.1145/2414456
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 02 May 2012

      Permissions

      Request permissions for this article.

      Check for updates

      Qualifiers

      • Research-article

      Conference

      ASIA CCS '12
      Sponsor:

      Acceptance Rates

      Overall Acceptance Rate 418 of 2,322 submissions, 18%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)1
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 20 Jan 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2016)OnTac: Online task assignment for crowdsourcing2016 IEEE International Conference on Communications (ICC)10.1109/ICC.2016.7511256(1-6)Online publication date: May-2016
      • (2016)PiDFA: A practical multi-stride regular expression matching engine based On FPGA2016 IEEE International Conference on Communications (ICC)10.1109/ICC.2016.7511199(1-7)Online publication date: May-2016

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media