Journal Article

Profiling and accelerating string matching algorithms in three network content security applications

TLDR
This work reviews typical algorithms and profiles their performance under various situations to study the influence of the number, the length, and the character distribution of the signatures on performance, and replaces their original algorithms with the most efficient ones in the profiling.
Abstract
The efficiency of string matching algorithms is essential for network content security applications, such as intrusion detection systems, anti-virus systems, and Web content filters. This work reviews typical algorithms and profiles their performance under various situations to study the influence of the number, the length, and the character distribution of the signatures on performance. This profiling can reveal the most efficient algorithm in each situation. A fast verification method for some string matching algorithms is also proposed. This work then analyzes the signature characteristics of three content security applications and replaces their original algorithms with the most efficient ones in the profiling. The improvement for both real and synthetic sample data is observed. For example, an open source anti-virus package, ClamAV, is five times faster after the revision. This work features comprehensive profiling results of typical string matching algorithms and observations of their application on network content security. The results can enlighten the choice of a proper algorithm in practical design.


Citations
Patent

Distributed malware detection

TL;DR: In this article, a computer-implemented method includes accessing, using one or more processing units, a first file of a plurality of files requested to be analyzed for malware, and generating an output comprising an indication of whether the first file comprises malware.
Journal Article

A Survey of Payload-Based Traffic Classification Approaches

TL;DR: A survey in which a complete and thorough analysis of the most important open-source DPI modules is performed and the obtained evaluation results enable the proposal of general guidelines for the design and implementation of more adequate DPI modules.
Journal Article

A Survey on Regular Expression Matching for Deep Packet Inspection: Applications, Algorithms, and Hardware Platforms

TL;DR: Proposals employing parallel platforms, including field-programmable gate array, GPU, general multi-processors, and ternary content addressable memory, to accelerate the matching process are introduced and thoroughly discussed and guidelines for efficient deployment are provided.
Journal Article

Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems

TL;DR: The results indicate that duplicate insertion becomes less effective on recent systems, but packet splitting, payload mutation and shellcode mutation can be still effective against them.
Journal Article

SplitScreen: Enabling efficient, distributed malware detection

TL;DR: SplitScreen performs an additional screening step prior to the signature matching phase found in existing approaches, which naturally leads to a network-based anti-malware solution in which clients only receive signatures they needed, not every malware signature ever created as with current approaches.
References
Journal Article

Efficient string matching: an aid to bibliographic search

TL;DR: A simple, efficient algorithm to locate all occurrences of any of a finite number of keywords in a string of text that has been used to improve the speed of a library bibliographic search program by a factor of 5 to 10.
Journal Article

A guided tour to approximate string matching

TL;DR: This work surveys the current techniques to cope with the problem of string matching that allows errors, and focuses on online searching and mostly on edit distance, explaining the problem and its relevance, its statistical behavior, its history and current developments, and the central ideas of the algorithms.
Journal Article

A fast string searching algorithm

TL;DR: The algorithm has the unusual property that, in most cases, not all of the first i.” in another string, are inspected.
Journal Article

Efficient randomized pattern-matching algorithms

TL;DR: In this article, the first occurrence of a string X as a consecutive block within a text Y is found by using a randomized algorithm. But the algorithm requires a constant number of storage locations, and essentially runs in real time.
Journal Article

Algorithms for packet classification

TL;DR: This tutorial describes algorithms that are representative of each category of basic search algorithms, and discusses which type of algorithm might be suitable for different applications.