Automata-Theoretic Analysis of Bit-Split Languages for Packet Scanning

Dixon, Ryan; Eğecioğlu, Ömer; Sherwood, Timothy

doi:10.1007/978-3-540-70844-5_15

Ryan Dixon¹,
Ömer Eğecioğlu¹ &
Timothy Sherwood¹

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5148))

Included in the following conference series:

International Conference on Implementation and Application of Automata

458 Accesses
5 Citations

Abstract

Bit-splitting breaks the problem of monitoring traffic payloads to detect the occurrence of suspicious patterns into several parallel components, each of which searches for a particular bit pattern. We analyze bit-splitting as applied to Aho-Corasick style string matching. The problem can be viewed as the recovery of a special class of regular languages over product alphabets from a collection of homomorphic images. We use this characterization to prove correctness and to give space bounds. In particular we show that the NFA to DFA conversion of the Aho-Corasick type machine used for bit-splitting incurs only linear overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Aho, A.V., Corasick, M.J.: Efficient String Matching: An Aid to Bibliographic Search. Comm. of the ACM 18(6), 333–340 (1975)
Article MATH MathSciNet Google Scholar
Baker, Z.K., Prasanna, V.K.: High-throughput Linked-Pattern Matching for Intrusion Detection Systems. In: Proc. of the First Annual ACM Sym. on Arch. for Networking and Comm. Systems (2005)
Google Scholar
Eckmann, S.T., Vigna, G., Kemmerer, R.A.: STATL: An Attack Language for State-Based Intrusion Detection. J. of Computer Security 10(1/2), 71–104 (2002)
Google Scholar
Newsome, J., Karp, B., Song, D.X.: Polygraph: Automatically Generating Signatures for Polymorphic Worms. In: IEEE Sym. on Security and Privacy, pp. 226–241 (2005)
Google Scholar
Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proc. of LISA 1999: 13th Systems Adm. Conf., November 1999, pp. 229–238 (1999)
Google Scholar
Tan, L., Sherwood, T.: A High Throughput String Matching Architecture for Intrusion Detection and Prevention. In: ISCA 2005: Proc. of the 32nd Annual Int. Sym. on Computer Architecture, pp. 112–122 (2005)
Google Scholar
Tuck, N., Sherwood, T., Calder, B., Varghese, G.: Deterministic Memory-Efficient String Matching Algorithms for Intrusion Detection. In: The 23rd Conf. of the IEEE Comm. Society (Infocomm) (2004)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science, University of California, Santa Barbara,
Ryan Dixon, Ömer Eğecioğlu & Timothy Sherwood

Authors

Ryan Dixon
View author publications
You can also search for this author in PubMed Google Scholar
Ömer Eğecioğlu
View author publications
You can also search for this author in PubMed Google Scholar
Timothy Sherwood
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Oscar H. Ibarra Bala Ravikumar

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Dixon, R., Eğecioğlu, Ö., Sherwood, T. (2008). Automata-Theoretic Analysis of Bit-Split Languages for Packet Scanning. In: Ibarra, O.H., Ravikumar, B. (eds) Implementation and Applications of Automata. CIAA 2008. Lecture Notes in Computer Science, vol 5148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70844-5_15

Download citation

DOI: https://doi.org/10.1007/978-3-540-70844-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70843-8
Online ISBN: 978-3-540-70844-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics