Adaptive Pattern Matching Grammar Generation for Use in Deep Packet Inspection

2011 UKSim 5th European Symposium on Computer Modeling and Simulation Pub Date : 2011-11-01 DOI:10.1109/EMS.2011.74

Govind Menon, Sanchit Katdare, Sumira Phatak, Rahul Khengare

{"title":"Adaptive Pattern Matching Grammar Generation for Use in Deep Packet Inspection","authors":"Govind Menon, Sanchit Katdare, Sumira Phatak, Rahul Khengare","doi":"10.1109/EMS.2011.74","DOIUrl":null,"url":null,"abstract":"Deep Packet Inspection (DPI) is becoming more widely used in virtually all applications or services like Denial of Service (DoS), Intrusion Detection System (IDS) etc. that operate with or within a network. However for a developer or team working on any network project who need to perform DPI, there is always the issue of using a third party source which may involve added cost or implementing it themselves which requires time and study of protocols, signatures and the nuances of pattern matching. The paper proposes a solution to the above problem using an adaptive grammar generation algorithm. This method reduces the entropy among similar results given by different patterns. Immense customizability is the foremost advantage of this method. Existing grammars for new signatures can be combined into a single grammar easily rather than new grammars be generated from raw target strings. The paper, thus, looks to limit the detailed knowledge requirement for the design of signature detection procedures and in doing so re-use existing procedures which have been thoroughly debugged and tested.","PeriodicalId":131364,"journal":{"name":"2011 UKSim 5th European Symposium on Computer Modeling and Simulation","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 UKSim 5th European Symposium on Computer Modeling and Simulation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EMS.2011.74","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Deep Packet Inspection (DPI) is becoming more widely used in virtually all applications or services like Denial of Service (DoS), Intrusion Detection System (IDS) etc. that operate with or within a network. However for a developer or team working on any network project who need to perform DPI, there is always the issue of using a third party source which may involve added cost or implementing it themselves which requires time and study of protocols, signatures and the nuances of pattern matching. The paper proposes a solution to the above problem using an adaptive grammar generation algorithm. This method reduces the entropy among similar results given by different patterns. Immense customizability is the foremost advantage of this method. Existing grammars for new signatures can be combined into a single grammar easily rather than new grammars be generated from raw target strings. The paper, thus, looks to limit the detailed knowledge requirement for the design of signature detection procedures and in doing so re-use existing procedures which have been thoroughly debugged and tested.

查看原文本刊更多论文

用于深度包检测的自适应模式匹配语法生成

深度包检测(DPI)越来越广泛地应用于几乎所有的应用程序或服务，如拒绝服务(DoS)、入侵检测系统(IDS)等，这些应用程序或服务与网络一起或在网络内运行。然而，对于需要执行DPI的任何网络项目的开发人员或团队来说，总是存在使用第三方资源的问题，这可能会增加成本或自己实现它，这需要时间和研究协议、签名和模式匹配的细微差别。本文提出了一种自适应语法生成算法来解决上述问题。该方法减少了不同模式给出的相似结果之间的熵。巨大的可定制性是这种方法的最大优势。新签名的现有语法可以很容易地组合成一个语法，而不是从原始目标字符串生成新语法。因此，本文试图限制签名检测程序设计的详细知识要求，并在此过程中重用已经过彻底调试和测试的现有程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 UKSim 5th European Symposium on Computer Modeling and Simulation

自引率

0.00%

发文量