A New Packet Filter Schema Based on Multi-level Signature Hash and DFA Grouping | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >2014 Tenth International Conf...

A New Packet Filter Schema Based on Multi-level Signature Hash and DFA Grouping

PDF
 << Results  
Wang Yumeng; Wang Yuping; Xue Xingsi; Zhang Chen; Huo Yuanliang
All Authors

Abstract:

Packet filter system based on high speed match engine of REGular EXPressions (REGEXP) plays an important role in domain of Intrusion Detection System (IDS), Deep Packet I...Show More

Metadata

Abstract:

Packet filter system based on high speed match engine of REGular EXPressions (REGEXP) plays an important role in domain of Intrusion Detection System (IDS), Deep Packet Inspection (DPI) system, network security and traffic monitoring, etc. However, the existing filter schemas suffer from several deficiencies in matching speed and memory footprint, such as traditional DFA matching, single-level signature hash and DFA grouping. To overcome these shortcomings, in this paper, a new packet filter schema based on multilevel signature and DFA grouping is proposed. In particular, an algorithm called "DFA pseudo-split" is presented in our proposal to overcome the shortage of signatures. The experimental results show that our proposal significantly outperforms the traditional filter schemas.
Published in: 2014 Tenth International Conference on Computational Intelligence and Security
Date of Conference: 15-16 November 2014
Date Added to IEEE Xplore: 22 January 2015
ISBN Information:
DOI: 10.1109/CIS.2014.130
Conference Location: Kunming, China
Contents

I. Introduction

Due to the increasing number of attacks on application layer, the effectiveness of traditional network firewalls declines. Therefore, the Intrusion Detection System (IDS) emerges as the supplement of the traditional network firewalls, which consist of a device and the corresponding software application running on it. IDS is able to monitor network or system activities to determine whether there exists malicious ctivities or policy violations, and if it does, IDS will produce reports for a management station.

  Back to Results  
Contact IEEE to Subscribe
More Like This
Some thoughts on “Algorithm Design and Analysis” teaching reform

2010 The 2nd International Conference on Industrial Mechatronics and Automation

Published: 2010

Research on the Teaching Reform of Algorithm Design and Analysis Course Under the Background of Engineering Education Professional Certification

2024 14th International Conference on Information Technology in Medicine and Education (ITME)

Published: 2024

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.