Communications of the ACM - Special issue on parallelism
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Derivation of a parallel string matching algorithm
Information Processing Letters
Stateful Intrusion Detection for High-Speed Networks
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Active Mapping: Resisting NIDS Evasion without Altering Traffic
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
A fast string-matching algorithm for network processor-based intrusion detection system
ACM Transactions on Embedded Computing Systems (TECS)
Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Scalable Pattern Matching for High Speed Networks
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Gigabit Rate Packet Pattern-Matching Using TCAM
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
A High Throughput String Matching Architecture for Intrusion Detection and Prevention
Proceedings of the 32nd annual international symposium on Computer Architecture
Towards Automatic Generation of Vulnerability-Based Signatures
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching
Proceedings of the 33rd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
High Speed Pattern Matching for Network IDS/IPS
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
An improved algorithm to accelerate regular expression evaluation
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
XFA: Faster Signature Matching with Extended Automata
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
An improved DFA for fast regular expression matching
ACM SIGCOMM Computer Communication Review
Efficient signature matching with multiple alphabet compression tables
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Efficient regular expression evaluation: theory to practice
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Fast and Scalable Pattern Matching for Network Intrusion Detection Systems
IEEE Journal on Selected Areas in Communications
Selective regular expression matching
ISC'10 Proceedings of the 13th international conference on Information security
Re-examining the performance bottleneck in a NIDS with detailed profiling
Journal of Network and Computer Applications
Multi-gigabit traffic identification on GPU
Proceedings of the first edition workshop on High performance and programmable networking
Non-blocking parallel subset construction on shared-memory multicore architectures
AusPDC '13 Proceedings of the Eleventh Australasian Symposium on Parallel and Distributed Computing - Volume 140
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
A Speculative Parallel DFA Membership Test for Multicore, SIMD and Cloud Computing Environments
International Journal of Parallel Programming
| Hi-index | 0.00 |
Intrusion prevention systems determine whether incoming traffic matches a database of signatures, where each signature in the database represents an attack or a vulnerability. IPSs need to keep up with ever-increasing line speeds, which leads to the use of custom hardware. A major bottleneck that IPSs face is that they scan incoming packets one byte at a time, which limits their throughput and latency. In this paper, we present a method for scanning multiple bytes in parallel using speculation. We break the packet in several chunks, opportunistically scan them in parallel and if the speculation is wrong, correct it later. We present algorithms that apply speculation in single-threaded software running on commodity processors as well as algorithms for parallel hardware. Experimental results show that speculation leads to improvements in latency and throughput in both cases.