NIS04-6: A Time- and Memory- Efficient String Matching Algorithm for Intrusion Detection Systems

Sheu, Tzu-Fang; Huang, Nen-Fu; Lee, Hsiao-Ping

doi:10.1109/glocom.2006.284

Cited by 6 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using a compressed structure, Tuck et al proposed the AC algorithm with memory compression (AC-C), a modification of AC, and reduced the required memory to about 2 percent of AC [8]. ACM applied a magic number derived from the Chinese Remainder Theorem to AC [14]. ACM reduced the required memory space and computation complexity, thus improving the worst-case performance.…”

Section: Previous Workmentioning

confidence: 98%

In-Depth Packet Inspection Using a Hierarchical Pattern Matching Algorithm

Sheu

Huang

Lee

2010

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

[[abstract]]Detection engines capable of inspecting packet payloads for application-layer network information are urgently required. The most important technology for fast payload inspection is an efficient multipattern matching algorithm, which performs exact string matching between packets and a large set of predefined patterns. This paper proposes a novel Enhanced Hierarchical Multipattern Matching Algorithm (EHMA) for packet inspection. Based on the occurrence frequency of grams, a small set of the most frequent grams is discovered and used in the EHMA. EHMA is a two-tier and cluster-wise matching algorithm, which significantly reduces the amount of external memory accesses and the capacity of memory. Using a skippable scan strategy, EHMA speeds up the scanning process. Furthermore, independent of parallel and special functions, EHMA is very simple and therefore practical for both software and hardware implementations. Simulation results reveal that EHMA significantly improves the matching performance. The speed of EHMA is about 0.89-1,161 times faster than that of current matching algorithms. Even under real-life intense attack, EHMA still performs well

show abstract

Section: Previous Workmentioning

confidence: 98%

In-Depth Packet Inspection Using a Hierarchical Pattern Matching Algorithm

Sheu

Huang

Lee

2010

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…In many practical applications, there are some limitations on using training data because of the following reasons: 1) producing training data is a time consuming and expensive task, 2) a limitation on memory exists for using all training data at the same time, and 3) not all training data are available at training time. For example, in Intrusion Detection Systems, not all training data are available at the same time and consideration of all data for training requires a huge amount of memory, which increases the training time considerably [1]. Similarly, in the classification of stream data, it is not possible to store all the data for using as training data [2].…”

Section: Introductionmentioning

confidence: 99%

Incremental RotBoost algorithm: An application for spam filtering

Ghanbari

Beigy

2015

IDA

View full text Add to dashboard Cite

Incremental learning is a learning algorithm that can get new information from new training sets without forgetting the acquired knowledge from the previously used training sets. In this paper, an incremental learning algorithm based on ensemble learning is proposed. Then, an application of the proposed algorithm for spam filtering is discussed. The proposed algorithm called incremental RotBoost, assumes the environment is stationary. It trains new weak classifiers for newly arriving data, which are added to the ensemble of classifiers. To evaluate the performance of the proposed algorithm, several computer experiments are conducted. The results of computer experiments show the ability of our proposed algorithm for different tasks in the incremental learning. The results also demonstrate that the proposed algorithm can learn incrementally, and it can learn new classes, as well.

show abstract