AC-Suffix-Tree: Buffer Free String Matching on Out-of-Sequence Packets

机译：AC后缀树：无序包上的无缓冲区字符串匹配

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

TCP and IP fragmentation can be used to evade signature detection at Intrusion Detection/Prevention System (IDS / IPS). Such fragments may arrive out-of-sequence to escape from being detected by the string matching algorithm of IDS / IPS. The common defense is buffering and reassembling packets. However, buffering of out-of-sequence packets can become impractical on high speed links due to limited fast memory capacity, especially when the concurrent flows are in large quantity, or extremely disordered in circumstances such as attacks. So such buffering strategy is vulnerable to memory exhausting denial of service (DoS). In this paper, AC-Suffix-Tree, a buffer free scheme for string matching is proposed, which detects patterns across out-of-sequence packets without buffering and reassembly. This novel algorithm associates the classical Aho-Corasick (AC) algorithm with a pattern suffix tree to search patterns with only the state numbers of AC automaton and suffix tree stored. It demands significantly less memory than buffering the packets themselves. Therefore the IDS can resist memory exhausting DoS attack. AC-Suffix-Tree consumes 1-2 orders of magnitude less memory than buffering the entire packet, and it has the same temporal complexity as AC algorithm when there are no out-of-sequence packets.

机译：TCP和IP碎片可以用来逃避入侵检测/防御系统（IDS / IPS）的签名检测。此类碎片可能会无序到达，以免被IDS / IPS的字符串匹配算法检测到。常见的防御措施是缓冲和重组数据包。但是，由于有限的快速存储容量，尤其是当并发流数量很大或在诸如攻击的情况下极为混乱时，对高速链路上的失序数据包进行缓冲可能变得不切实际。因此，这种缓冲策略容易受到耗尽内存的拒绝服务（DoS）的影响。在本文中，提出了一种AC-Suffix-Tree，一种用于字符串匹配的无缓冲区方案，该方案可以检测不按顺序排列的数据包中的模式，而无需进行缓冲和重组。这种新颖的算法将经典的Aho-Corasick（AC）算法与模式后缀树相关联，以仅使用存储的AC自动机和后缀树的状态编号来搜索模式。与缓冲数据包本身相比，它所需的内存要少得多。因此，IDS可以抵抗耗尽DoS攻击的内存。 AC-Suffix-Tree比缓冲整个数据包消耗的内存少1-2个数量级，并且在没有不按顺序排列的数据包时，其时间复杂度与AC算法相同。

著录项

来源
《2011 Seventh ACM/IEEE Symposium on Architectures for Networking and Communications Systems》|2011年|p.36-44|共9页
会议地点
作者
Chen Xinming; Ge Kailin; Chen Zhen; Li Jun;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类通信;
关键词
Network Security; Packet Reordering; String Matching;

机译：网络安全;数据包重新排序;字符串匹配;

相似文献

外文文献
中文文献
专利

1. Robust and Scalable String Pattern Matching for Deep Packet Inspection on Multicore Processors [J] . Yang Yi-Hua E., Prasanna Viktor K. IEEE Transactions on Parallel and Distributed Systems . 2013,第11期

机译：健壮且可扩展的字符串模式匹配，可在多核处理器上进行深度数据包检查
2. A Hardware-Based String Matching Using State Transition Compression for Deep Packet Inspection [J] . HyunJin Kim, Seung-Woo Lee ETRI journal . 2013,第1期

机译：基于状态转换压缩的基于硬件的字符串匹配，用于深度包检查
3. A Hardware-Based String Matching Using State Transition Compression for Deep Packet Inspection [J] . HyunJin Kim, Seung-Woo Lee ETRI journal . 2013,第1期

机译：基于状态转换压缩的基于硬件的字符串匹配，用于深度包检查
4. AC-Suffix-Tree: Buffer Free String Matching on Out-of-Sequence Packets [C] . Chen Xinming, Ge Kailin, Chen Zhen, ACM/IEEE Symposium on Architectures for Networking and Communications Systems . 2010

机译：ac-suffix-tree：在序列外包上匹配的缓冲区免费字符串
5. High performance architectures for packet forwarding and string pattern matching. [D] . Le, Hoang Xuan. 2011

机译：用于数据包转发和字符串模式匹配的高性能体系结构。
6. A Memory-Efficient Deterministic Finite Automaton-Based Bit-Split String Matching Scheme Using Pattern Uniqueness in Deep Packet Inspection [O] . HyunJin Kim, Kang-Il Choi, Sang-Il Choi -1

机译：基于模式唯一性的深度数据包检查中基于内存的确定性基于自动机的有限位拆分字符串匹配方案
7. AC-Suffix-Tree: Buffer Free String Matching on Out-of-Sequence Packets [O] . Xinming Chen, Kailin Ge, Zhen Chen, 2015

机译：aC-suffix-Tree：无序数据包上的无缓冲字符串匹配

AC-Suffix-Tree: Buffer Free String Matching on Out-of-Sequence Packets

摘要

著录项

相似文献

相关主题

期刊订阅