Abstract
Bit-splitting breaks the problem of monitoring traffic payloads to detect the occurrence of suspicious patterns into several parallel components, each of which searches for a particular bit pattern. We analyze bit-splitting as applied to Aho-Corasick style string matching. The problem can be viewed as the recovery of a special class of regular languages over product alphabets from a collection of homomorphic images. We use this characterization to prove correctness and to give space bounds. In particular we show that the NFA to DFA conversion of the Aho-Corasick type machine used for bit-splitting incurs only linear overhead.
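The decomposition described in the abstract, as an added Python example that is not code from the paper: each byte is treated as a tuple of bit groups, one small machine scans each projection of the stream, and a pattern is reported only where every component reports it at the same offset. As an assumption made here, each component is built directly as an Aho-Corasick automaton over the projected patterns rather than by NFA to DFA conversion of the original machine; the 2-bit grouping, function names and sample input are constructed for illustration.

```python
from collections import deque

def build_ac(patterns, size):
    """Aho-Corasick DFA over symbols 0..size-1; out[s] is a bitmask of pattern ids."""
    goto, out = [[-1] * size], [0]
    for pid, pat in enumerate(patterns):
        s = 0
        for sym in pat:
            if goto[s][sym] < 0:
                goto[s][sym] = len(goto)
                goto.append([-1] * size)
                out.append(0)
            s = goto[s][sym]
        out[s] |= 1 << pid
    fail, queue = [0] * len(goto), deque([0])
    while queue:  # breadth-first, so a state's failure target is always complete
        s = queue.popleft()
        for sym in range(size):
            t = goto[s][sym]
            if t < 0:  # missing edge: borrow the failure state's edge (root loops)
                goto[s][sym] = goto[fail[s]][sym] if s else 0
            else:
                fail[t] = goto[fail[s]][sym] if s else 0
                out[t] |= out[fail[t]]  # inherit patterns ending at the suffix state
                queue.append(t)
    return goto, out

def project(data, k, bits):
    """Image of a byte string under the k-th projection: one bit group per byte."""
    return [(b >> (k * bits)) & ((1 << bits) - 1) for b in data]

def bitsplit_scan(patterns, stream, bits=2):
    """(end_offset, pattern_id) pairs found by ANDing the component match vectors."""
    machines = [build_ac([project(p, k, bits) for p in patterns], 1 << bits)
                for k in range(8 // bits)]
    images = [project(stream, k, bits) for k in range(len(machines))]
    states, hits = [0] * len(machines), []
    for i in range(len(stream)):
        vec = (1 << len(patterns)) - 1
        for k, (goto, out) in enumerate(machines):
            states[k] = goto[states[k]][images[k][i]]
            vec &= out[states[k]]  # a pattern survives only if every component saw it
        hits += [(i, pid) for pid in range(len(patterns)) if vec >> pid & 1]
    return hits

# Constructed sample input (not from the paper).
PATTERNS = [b"he", b"she", b"his", b"hers"]
STREAM = b"ushers and his"
print(bitsplit_scan(PATTERNS, STREAM))
```

A single component over-reports on its own, since distinct patterns can share a projection (`b"a"` and `b"A"` agree on their low two bits); only the intersection across all components is exact.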
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dixon, R., Eğecioğlu, Ö., Sherwood, T. (2008). Automata-Theoretic Analysis of Bit-Split Languages for Packet Scanning. In: Ibarra, O.H., Ravikumar, B. (eds) Implementation and Applications of Automata. CIAA 2008. Lecture Notes in Computer Science, vol 5148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70844-5_15
DOI: https://doi.org/10.1007/978-3-540-70844-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70843-8
Online ISBN: 978-3-540-70844-5
eBook Packages: Computer Science (R0)