Computer systems continue to be breached despite substantial investment in defense mechanisms meant to stop attacks from propagating. The accuracy of current intrusion detection systems (IDSes) is limited by the expressiveness of regular expressions (REs), which cannot precisely describe the vulnerability being exploited. Recent work has proposed vulnerability-based IDSes that parse traffic, recover protocol semantics, and describe the vulnerability in terms of those semantics. Such a description of an attack is analogous to a subscription that specifies events of interest in an event processing system. However, the matching engines of state-of-the-art IDSes lack efficient algorithms that can evaluate many signatures simultaneously. In this work, we place event processing at the core of the IDS and propose novel algorithms to efficiently match vulnerability signatures. We are also among the first to detect complex attacks such as the Conficker worm, which require correlating multiple protocol data units (MPDUs), while maintaining a small memory footprint. Finally, extensive testing of the IDS under different workloads shows that our algorithms are resilient to attacks. Our approach incurs negligible overhead on clean traffic and is faster than existing systems.
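The abstract above treats a vulnerability signature as a subscription over parsed protocol fields and stresses two requirements: matching many signatures per protocol data unit in one pass, and correlating several PDUs on one flow without unbounded state. The following Python is an added illustration of that framing, written for this page; it is not the paper's code, and the counting-style predicate matching it uses is a standard publish/subscribe technique, not necessarily the authors' algorithm. The protocol field names (`proto`, `op`, `iface`, `arg_len`), the two constructed signatures and the sample PDUs are hypothetical and stand in for whatever a real protocol parser would emit.

```python
"""Added example (not the paper's code): vulnerability signatures expressed as
subscriptions over parsed protocol fields, matched per PDU with a counting
algorithm, plus a bounded per-flow state table for signatures that span
multiple PDUs. Field names, signatures and sample PDUs are constructed."""
from collections import OrderedDict
import operator

OPS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
       ">=": operator.ge, "<": operator.lt, "<=": operator.le}


class PredicateIndex:
    """Signatures are conjunctions of (field, op, value) predicates.
    Equality predicates are hashed so one lookup per event field finds every
    signature interested in that value; a signature fires when its number of
    satisfied predicates equals its predicate count (counting algorithm)."""

    def __init__(self):
        self.eq_index = {}     # (field, value) -> [sig_id, ...]
        self.range_preds = {}  # field -> [(op, bound, sig_id), ...]
        self.pred_count = []   # sig_id -> number of predicates

    def add(self, predicates):
        sig_id = len(self.pred_count)
        self.pred_count.append(len(predicates))
        for field, op, value in predicates:
            if op == "==":
                self.eq_index.setdefault((field, value), []).append(sig_id)
            else:
                self.range_preds.setdefault(field, []).append((op, value, sig_id))
        return sig_id

    def match(self, event):
        """Ids of every signature whose predicates all hold on `event`; the
        event's fields are scanned once regardless of the signature count."""
        counts = {}
        for field, value in event.items():
            for sig_id in self.eq_index.get((field, value), ()):
                counts[sig_id] = counts.get(sig_id, 0) + 1
            for op, bound, sig_id in self.range_preds.get(field, ()):
                # Type guard: a string-valued field never satisfies a numeric bound.
                if isinstance(value, type(bound)) and OPS[op](value, bound):
                    counts[sig_id] = counts.get(sig_id, 0) + 1
        return sorted(s for s, c in counts.items() if c == self.pred_count[s])


class StatefulMatcher:
    """A multi-PDU signature is an ordered list of single-PDU signatures
    (stages). Per flow only the index of the next stage to satisfy is kept,
    in an LRU table capped at `max_flows`, so a flood of half-completed flows
    evicts old state instead of exhausting memory."""

    def __init__(self, index, stages, max_flows=1024):
        self.index, self.stages, self.max_flows = index, stages, max_flows
        self.flows = OrderedDict()  # flow_key -> next stage index

    def feed(self, flow_key, event):
        hits = self.index.match(event)
        stage = self.flows.pop(flow_key, 0)
        if self.stages[stage] in hits:
            stage += 1
            if stage == len(self.stages):
                return True  # full multi-PDU signature matched; state already dropped
        if stage > 0:
            self.flows[flow_key] = stage  # (re)insert as most recently used
            while len(self.flows) > self.max_flows:
                self.flows.popitem(last=False)  # evict least recently used flow
        return False


# Constructed PDUs as a protocol parser might emit them: (flow key, decoded fields).
SAMPLE_PDUS = [
    ("10.0.0.5:4455->10.0.0.9:445", {"proto": "rpc", "op": "bind", "iface": "file_service"}),
    ("10.0.0.7:5100->10.0.0.9:445", {"proto": "rpc", "op": "call", "arg_len": 40}),
    ("10.0.0.5:4455->10.0.0.9:445", {"proto": "rpc", "op": "call", "arg_len": 600}),
    ("10.0.0.7:5100->10.0.0.9:445", {"proto": "http", "op": "GET", "arg_len": 600}),
] + [  # flood of half-completed flows to exercise the bounded state table
    (f"10.0.0.{n}:6000->10.0.0.9:445", {"proto": "rpc", "op": "bind", "iface": "file_service"})
    for n in range(20, 30)
]


def run(pdus=SAMPLE_PDUS, max_flows=4):
    """Two hypothetical stages: a bind to some interface, then a call with an
    oversized argument on the same flow. Returns (alerting flows, tracked flows)."""
    idx = PredicateIndex()
    bind = idx.add([("proto", "==", "rpc"), ("op", "==", "bind"), ("iface", "==", "file_service")])
    big_call = idx.add([("proto", "==", "rpc"), ("op", "==", "call"), ("arg_len", ">", 256)])
    matcher = StatefulMatcher(idx, stages=[bind, big_call], max_flows=max_flows)
    alerts = [flow for flow, event in pdus if matcher.feed(flow, event)]
    return alerts, len(matcher.flows)


if __name__ == "__main__":
    print(run())  # (['10.0.0.5:4455->10.0.0.9:445'], 4)
```

Only the flow that completes both stages in order alerts; the oversized `arg_len` on an HTTP PDU does not, because the `proto` predicate fails. The ten bind-only flows at the end leave the state table at its cap of four entries, which is the property that matters when an adversary sends many partial sequences to inflate the matcher's memory.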