ClusterFA: a memory-efficient DFA structure for network intrusion detection

Network intrusion detection systems (NIDS) play an increasingly important role in the field of network security. Current NIDS, such as Bro and Snort, mainly use signatures to represent and detect network attacks. Traditionally, signatures have been expressed as exact string patterns. However, new worms and viruses have emerged continually in recent years, and as a result the number of signatures has increased sharply. Compared with exact strings, regular expressions are more expressive, and they are gradually replacing exact strings in state-of-the-art NIDS.
