2019/1/3 Exscind: Fast Pattern Matching for Intrusion Detection Using Exclusion and Inclusion Filters Next Generation Web Services Practices (NWeSP) 2011.

Slides:

Advertisements

Similar presentations

Deep Packet Inspection with DFA-trees and Parametrized Language Overapproximation Author: Daniel Luchaup, Lorenzo De Carli, Somesh Jha, Eric Bach Publisher:

Advertisements

Optimizing Regular Expression Matching with SR-NFA on Multi-Core Systems Authors : Yang, Y.E., Prasanna, V.K. Yang, Y.E. Prasanna, V.K. Publisher : Parallel.

Pipelined Parallel AC-based Approach for Multi-String Matching Department of Computer Science and Information Engineering National Cheng Kung University,

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

Compact State Machines for High Performance Pattern Matching Department of Computer Science and Information Engineering National Cheng Kung University,

1 Regular expression matching with input compression ： a hardware design for use within network intrusion detection systems Department of Computer Science.

An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.

1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,

OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.

High-Performance Packet Classification on GPU Author: Shijie Zhou, Shreyas G. Singapura and Viktor K. Prasanna Publisher: HPEC 2014 Presenter: Gang Chi.

Thopson NFA Presenter: Yuen-Shuo Li Date: 2014/5/7 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Fast forwarding table lookup exploiting GPU memory architecture Author : Youngjun Lee,Minseon Jeong,Sanghwan Lee,Eun-Jin Im Publisher : Information and.

Packet Classification Using Multi-Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: COMPSACW, 2013 IEEE 37th Annual (Computer.

Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:

A Regular Expression Matching Algorithm Using Transition Merging Department of Computer Science and Information Engineering National Cheng Kung University,

EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference.

StriD 2 FA: Scalable Regular Expression Matching for Deep Packet Inspection Author: Xiaofei Wang, Junchen Jiang, Yi Tang, Bin Liu, and Xiaojun Wang Publisher:

Deterministic Finite Automaton for Scalable Traffic Identification: the Power of Compressing by Range Authors: Rafael Antonello, Stenio Fernandes, Djamel.

DBS A Bit-level Heuristic Packet Classification Algorithm for High Speed Network Author : Baohua Yang, Xiang Wang, Yibo Xue, Jun Li Publisher : th.

Memory-Efficient Regular Expression Search Using State Merging Author: Michela Becchi, Srihari Cadambi Publisher: INFOCOM th IEEE International.

Updating Designed for Fast IP Lookup Author : Natasa Maksic, Zoran Chicha and Aleksandra Smiljani´c Conference: IEEE High Performance Switching and Routing.

Binary-tree-based high speed packet classification system on FPGA Author: Jingjiao Li*, Yong Chen*, Cholman HO**, Zhenlin Lu* Publisher: 2013 ICOIN Presenter:

A Fast Regular Expression Matching Engine for NIDS Applying Prediction Scheme Author: Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan and Binxing Fang Publisher:

Lightweight Traffic-Aware Packet Classification for Continuous Operation Author: Shariful Hasan Shaikot, Min Sik Kim Presenter: Yen-Chun Tseng Date: 2014/11/26.

Packet Classification Using Dynamically Generated Decision Trees

GFlow: Towards GPU-based High- Performance Table Matching in OpenFlow Switches Author : Kun Qiu, Zhe Chen, Yang Chen, Jin Zhao, Xin Wang Publisher : Information.

An Improved Multi-Pattern Matching Algorithm for Large-Scale Pattern Sets Author : Zhan Peng, Yu-Ping Wang and Jin-Feng Xue Conference: IEEE 10th International.

LOP_RE: Range Encoding for Low Power Packet Classification Author: Xin He, Jorgen Peddersen and Sri Parameswaran Conference : IEEE 34th Conference on Local.

SRD-DFA Achieving Sub-Rule Distinguishing with Extended DFA Structure Author: Gao Xia, Xiaofei Wang, Bin Liu Publisher: IEEE DASC (International Conference.

Practical Multituple Packet Classification Using Dynamic Discrete Bit Selection Author: Baohua Yang, Fong J., Weirong Jiang, Yibo Xue, Jun Li Publisher:

Hierarchical Hybrid Search Structure for High Performance Packet Classification Authors : O˜guzhan Erdem, Hoang Le, Viktor K. Prasanna Publisher : INFOCOM,

LightFlow : Speeding Up GPU-based Flow Switching and Facilitating Maintenance of Flow Table Author : Nobutaka Matsumoto and Michiaki Hayashi Conference:

Scalable Multi-match Packet Classification Using TCAM and SRAM Author: Yu-Chieh Cheng, Pi-Chung Wang Publisher: IEEE Transactions on Computers (2015) Presenter:

JA-trie: Entropy-Based Packet Classiﬁcation Author: Gianni Antichi, Christian Callegari, Andrew W. Moore, Stefano Giordano, Enrico Anastasi Conference.

A Multi-dimensional Packet Classification Algorithm Based on Hierarchical All-match B+ Tree Author: Gang Wang, Yaping Lin*, Jinguo Li, Xin Yao Publisher:

Reorganized and Compact DFA for Efficient Regular Expression Matching

2018/4/23 Dynamic Load-balanced Path Optimization in SDN-based Data Center Networks Author: Yuan-Liang Lan , Kuochen Wang and Yi-Huai Hsu Presenter: Yi-Hsien.

2018/4/27 PiDFA : A Practical Multi-stride Regular Expression Matching Engine Based On FPGA Author: Jiajia Yang, Lei Jiang, Qiu Tang, Qiong Dai, Jianlong.

Minimizing latency of critical traffic through SDN

A DFA with Extended Character-Set for Fast Deep Packet Inspection

2018/6/26 An Energy-efficient TCAM-based Packet Classification with Decision-tree Mapping Author: Zhao Ruan, Xianfeng Li , Wenjun Li Publisher: 2013.

SigMatch Fast and Scalable Multi-Pattern Matching

Parallel Processing Priority Trie-based IP Lookup Approach

2018/12/29 A Novel Approach for Prefix Minimization using Ternary trie (PMTT) for Packet Classification Author: Sanchita Saha Ray, Abhishek Chatterjee,

2019/1/1 High Performance Intrusion Detection Using HTTP-Based Payload Aggregation 2017 IEEE 42nd Conference on Local Computer Networks (LCN) Author: Felix.

Memory-Efficient Regular Expression Search Using State Merging

Virtual TCAM for Data Center Switches

Scalable Multi-Match Packet Classification Using TCAM and SRAM

A New String Matching Algorithm Based on Logical Indexing

EMOMA- Exact Match in One Memory Access

Compact DFA Structure for Multiple Regular Expressions Matching

2019/5/3 A De-compositional Approach to Regular Expression Matching for Network Security Applications Author: Eric Norige Alex Liu Presenter: Yi-Hsien.

2019/5/5 A Flexible Wildcard-Pattern Matching Accelerator via Simultaneous Discrete Finite Automata Author: Hsiang-Jen Tsai, Chien-Chih Chen, Yin-Chi Peng,

2019/5/10 A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic Author: Tejmani Sinam, Irengbam Tilokchan Singh,

2019/5/8 BitCoding Network Traffic Classification Through Encoded Bit Level Signatures Author: Neminath Hubballi, Mayank Swarnkar Publisher/Conference:

Pipelined Architecture for Multi-String Matching

2019/5/14 New Shift table Algorithm For Multiple Variable Length String Pattern Matching Author: Punit Kanuga Presenter: Yi-Hsien Wu Conference: 2015.

Power-efficient range-match-based packet classification on FPGA

Presenter: Yu Hao, Tseng Date: 2014/8/25

A Hybrid IP Lookup Architecture with Fast Updates

An Improved Wu-Manber Multiple Patterns Matching Algorithm

Pattern Based Packet Filtering using NetFPGA in DETER Infrastructure

2019/9/14 The Deep Learning Vision for Heterogeneous Network Traffic Control Proposal, Challenges, and Future Perspective Author: Nei Kato, Zubair Md.

High Performance Pattern Matching using Bloom–Bloomier Filter

2019/9/3 Adaptive Hashing Based Multiple Variable Length Pattern Search Algorithm for Large Data Sets 比對 Simple Pattern 的方法是基於 Hash 並且可以比對不同長度的 Pattern。

2019/10/9 Regular Expression Matching for Reconfigurable Constraint Repetition Inspection Authors : Miad Faezipour and Mehrdad Nourani Publisher : IEEE.

Towards TCAM-based Scalable Virtual Routers

Packet Classification Using Binary Content Addressable Memory

Presentation transcript:

2019/1/3 Exscind: Fast Pattern Matching for Intrusion Detection Using Exclusion and Inclusion Filters Next Generation Web Services Practices (NWeSP) 2011 7th International Conference Author: Monther Aldwairi, Duaa Alansari Presenter: Cheng-Feng Ke Date: 2017/12/20 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C. CSIE CIAL Lab 1

Exscind Packets Bloom Wu-Manber Filter A part of Packet Payload 2019/1/3 Exscind Packets Bloom Filter Wu-Manber A part of Packet Payload No-Match Packets National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

2019/1/3 INTRODUCTION National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

Probable Match Modified WM 2019/1/3 Probable Match Modified WM PWM rewrites the original WM C++ code [21] using C#.NET in order to support all signature elements especially the HEX bytes between the pipes. PWM extends WM to support all special, control and non-printable ASCII characters as well as the NULL character. It searches the packet for just the highly probable signatures starting from a certain index provided by the filter. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

2019/1/3 Evaluation The experiments are designed to compare Exscind with the regular Wu-Manber algorithm used in Snort. The simulations are performed on a PC with a 3 GHz Intel Core 2 processor, with 4 GB of main memory running Microsoft Windows 7. Each experiment is performed 20 times and then average time and memory are scored. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

2019/1/3 Evaluation 1) SIP_Eyebeam2Eyebeam_Video_Audio (VA) is a video and audio streaming from TechTraces repository [25]. 2) Good-Download (GD) is a file download from Laura's Lab Kit v.8 repository [26]. 3) Live-Chat (LC) is a live chat application from [26]. 4) WebHotmail (HM) is a mail trace from TkuIM mail repository [27]. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

2019/1/3 Evaluation The longer strings penalize the WM which has to perform matching every time while Exscind benefits more from skipping such long strings. Therefore, WM runtime increases while Exscind time gets shorter which explains the slight increase in speedup as the number of signatures increase. The important conclusion out this experiment is that the speed up achieved by the algorithm is nearly independent from the number of strings if they were completely even in size. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

2019/1/3 Evaluation Fig. 9 shows Exscind worst case memory usage measured for the ugly traces versus increasing number of signatures. The memory usage increases linearly with the number of signatures. This is typical of WM based algorithms as opposed to exponential in AC. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab