嵌入式网络入侵检测平台的可重目标多字符串匹配代码生成

2015 IEEE International Conference on Communication Software and Networks (ICCSN) Pub Date : 2015-06-06 DOI:10.1109/ICCSN.2015.7296134

Chia-Nan Kao, I-Ju Liao, Yung-Cheng Chang, Chengtah Lin, N. Huang, Rong-Tai Liu, Hsien-Wei Hung

{"title":"嵌入式网络入侵检测平台的可重目标多字符串匹配代码生成","authors":"Chia-Nan Kao, I-Ju Liao, Yung-Cheng Chang, Chengtah Lin, N. Huang, Rong-Tai Liu, Hsien-Wei Hung","doi":"10.1109/ICCSN.2015.7296134","DOIUrl":null,"url":null,"abstract":"The common means of defense for network security systems is to block the intrusions by matching the signatures. Intrusion-signature matching is the critical operation. However, small and medium-sized enterprise (SME) or Small Office Home Office (SOHO) network security systems may not have sufficient resources to maintain good matching performance with full-set rules. Code generation is a technique used to convert data structures or instruction to other forms to obtain greater benefits within execution environments. This study analyzes intrusion detection system (IDS) signatures and discovers character occurrence to be significantly uneven. Based on this property, this study designs a method to generate a string matching source code according to the state table of AC algorithm for embedded network intrusion detection platforms. The generated source code requires less memory and relies not only on table lookup, but also on the ability of processor. This method can upgrade the performance by compiling optimization and contribute to the application of network processors and DSP-like based platforms. From evaluation, this method requires use of only 20% memory and can achieve 86% performance in clean traffic compared to the original Aho-Corasick algorithm (AC).","PeriodicalId":319517,"journal":{"name":"2015 IEEE International Conference on Communication Software and Networks (ICCSN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A retargetable multiple string matching code generation for embedded network intrusion detection platforms\",\"authors\":\"Chia-Nan Kao, I-Ju Liao, Yung-Cheng Chang, Chengtah Lin, N. Huang, Rong-Tai Liu, Hsien-Wei Hung\",\"doi\":\"10.1109/ICCSN.2015.7296134\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The common means of defense for network security systems is to block the intrusions by matching the signatures. Intrusion-signature matching is the critical operation. However, small and medium-sized enterprise (SME) or Small Office Home Office (SOHO) network security systems may not have sufficient resources to maintain good matching performance with full-set rules. Code generation is a technique used to convert data structures or instruction to other forms to obtain greater benefits within execution environments. This study analyzes intrusion detection system (IDS) signatures and discovers character occurrence to be significantly uneven. Based on this property, this study designs a method to generate a string matching source code according to the state table of AC algorithm for embedded network intrusion detection platforms. The generated source code requires less memory and relies not only on table lookup, but also on the ability of processor. This method can upgrade the performance by compiling optimization and contribute to the application of network processors and DSP-like based platforms. From evaluation, this method requires use of only 20% memory and can achieve 86% performance in clean traffic compared to the original Aho-Corasick algorithm (AC).\",\"PeriodicalId\":319517,\"journal\":{\"name\":\"2015 IEEE International Conference on Communication Software and Networks (ICCSN)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE International Conference on Communication Software and Networks (ICCSN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCSN.2015.7296134\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE International Conference on Communication Software and Networks (ICCSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSN.2015.7296134","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

网络安全系统常用的防御手段是通过签名匹配来阻止入侵。入侵特征匹配是关键操作。但是，对于中小企业(SME)或SOHO (small Office Home Office)的网络安全系统来说，可能没有足够的资源来维持完整规则的良好匹配性能。代码生成是一种技术，用于将数据结构或指令转换为其他形式，以便在执行环境中获得更大的好处。本文通过对入侵检测系统(IDS)特征的分析，发现特征出现的不均匀性非常明显。基于这一特性，本文设计了一种基于AC算法状态表生成字符串匹配源代码的方法，用于嵌入式网络入侵检测平台。生成的源代码需要较少的内存，并且不仅依赖于表查找，还依赖于处理器的能力。该方法可以通过编译优化来提升性能，有助于网络处理器和类dsp平台的应用。从评估来看，与原始的Aho-Corasick算法(AC)相比，该方法只需要使用20%的内存，在干净流量下可以实现86%的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A retargetable multiple string matching code generation for embedded network intrusion detection platforms

The common means of defense for network security systems is to block the intrusions by matching the signatures. Intrusion-signature matching is the critical operation. However, small and medium-sized enterprise (SME) or Small Office Home Office (SOHO) network security systems may not have sufficient resources to maintain good matching performance with full-set rules. Code generation is a technique used to convert data structures or instruction to other forms to obtain greater benefits within execution environments. This study analyzes intrusion detection system (IDS) signatures and discovers character occurrence to be significantly uneven. Based on this property, this study designs a method to generate a string matching source code according to the state table of AC algorithm for embedded network intrusion detection platforms. The generated source code requires less memory and relies not only on table lookup, but also on the ability of processor. This method can upgrade the performance by compiling optimization and contribute to the application of network processors and DSP-like based platforms. From evaluation, this method requires use of only 20% memory and can achieve 86% performance in clean traffic compared to the original Aho-Corasick algorithm (AC).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE International Conference on Communication Software and Networks (ICCSN)

自引率

0.00%

发文量