Network Intrusion Detection Systems (NIDS) monitor network traffic to detect attacks or unauthorized activities. Traditional NIDSs search for patterns that match typical network compromises or remote hacking attempts. However, newer networking applications require finding the frequently repeated strings in a packet stream for further investigation of potential attack attempts. Finding frequently repeated strings within a given time frame of the packet stream has proven effective for detecting polymorphic worm outbreaks. This article proposes a novel real-time worm outbreak detection system that uses two-phase hashing and monitors repeated common substrings. We use the concept of shared counters to minimize the memory cost while efficiently sifting through suspicious strings. The worm outbreak detection system has been prototyped on an Altera Stratix FPGA. We have tested the system under various settings and packet stream sizes. Experimental results verify that our system can sustain gigabit-rate line speeds with negligible false positive and false negative rates.