Chang et al., 2008 - Google Patents
Multi-character processor array for pattern matching in network intrusion detection systemChang et al., 2008
View PDF- Document ID
- 7056983937444166196
- Author
- Chang Y
- Tsai M
- Chung Y
- Publication year
- Publication venue
- 22nd International Conference on Advanced Information Networking and Applications (aina 2008)
External Links
Snippet
Network intrusion detection system (NIDS) is a system developed for identifying attacks by using a set of rules. NIDS is an efficient way to provide the security protection for today's Internet. Pattern match algorithm plays an important role in NIDS that performs searches …
- 238000001514 detection method 0 title abstract description 16
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup or address filtering
- H04L45/7453—Address table lookup or address filtering using hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/02—Comparing digital values
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30943—Information retrieval; Database structures therefor; File system structures therefor details of database functions independent of the retrieved data type
- G06F17/30964—Querying
- G06F17/30979—Query processing
- G06F17/30985—Query processing by using string matching techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/02—Indexing scheme relating to groups G06F7/02 - G06F7/026
- G06F2207/025—String search, i.e. pattern matching, e.g. find identical word or best match in a string
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Alicherry et al. | High speed pattern matching for network IDS/IPS | |
| Liu et al. | A fast string-matching algorithm for network processor-based intrusion detection system | |
| Song et al. | A memory efficient multiple pattern matching architecture for network security | |
| US7519995B2 (en) | Programmable hardware for deep packet filtering | |
| Le et al. | A memory-efficient and modular approach for large-scale string pattern matching | |
| Zheng et al. | Algorithms to speedup pattern matching for network intrusion detection systems | |
| Rashid et al. | Exploration of hardware architectures for string matching algorithms in network intrusion detection systems | |
| Abdulhammed et al. | Network intrusion detection using hardware techniques: A review | |
| Aldwairi et al. | Efficient wu-manber pattern matching hardware for intrusion and malware detection | |
| CN102201948A (en) | Quick matching method for network intrusion detection system | |
| Karimov et al. | Application of the Aho-Corasick algorithm to create a network intrusion detection system | |
| Fide et al. | A survey of string matching approaches in hardware | |
| Chang et al. | Multi-character processor array for pattern matching in network intrusion detection system | |
| Cho et al. | Programmable hardware for deep packet filtering on a large signature set | |
| Tharaka et al. | Runtime rule-reconfigurable high throughput NIPS on FPGA | |
| Sun et al. | NFA-based pattern matching for deep packet inspection | |
| Mythili et al. | High Speed Network Intrusion Detection System (NIDS) Using Low Power Precomputation Based Content Addressable Memory. | |
| Liu et al. | FTSE: The FNIP-like TCAM searching engine | |
| Chang et al. | Improved TCAM-based pre-filtering for network intrusion detection systems | |
| Yu et al. | A Parallel NIDS Pattern Matching Engine and Its Implementation on Network Processor. | |
| Nourani et al. | Bloom filter accelerator for string matching | |
| Chang et al. | The cost effective pre-processing based NFA pattern matching architecture for NIDS | |
| Tashev et al. | Comparative performance analysis the Aho-Corasick algorithm for developing a network detection system | |
| Nakahara et al. | The parallel sieve method for a virus scanning engine | |
| Kennedy et al. | Ultra-high throughput string matching for deep packet inspection |