Security and Communication Networks
Worm epidemics in the last few years have shown that manual defences against them are not practical. Recently, various automatic worm identification methods have been proposed for deployment at high-speed network nodes so that they can respond in time to the fast infection rates of worms. Unfortunately, these methods can easily be evaded by fragmenting the worm packets. The straightforward defragmentation method is not applicable at these high-speed nodes because of its high storage (memory) requirement. In this paper, this multipacket signature detection problem is addressed using a defragmentation-free, space-efficient solution. A new data structure, Prefix Bloom Filters (PBFs), along with a new heuristic called the Chain Heuristic (CH), is proposed to significantly reduce the storage requirement of the problem, so that multipacket signature detection becomes feasible for high-speed network nodes.