{"title":"Multi-packet signature detection using prefix bloom filters","authors":"N. S. Artan, H. J. Chao","doi":"10.1109/GLOCOM.2005.1577961","DOIUrl":null,"url":null,"abstract":"It is now a fact that manual defenses against worm epidemics are not practical. Recently, various automatic worm identification methods are proposed to be deployed at high-speed network nodes to respond in time to fast infection rates of worms. Unfortunately, these methods can easily be evaded by fragmentation of the worm packets. The straightforward defragmentation method is not applicable for these high-speed nodes, due to its high storage (memory) requirement. In this paper, this problem, namely the multi-packet signature detection problem is addressed using a defragmentation-free, space-efficient solution. A new data structure - prefix bloom filters - along with a new heuristic, called the chain heuristic is proposed to significantly reduce the storage requirement of the problem, so that multi-packet signature detection becomes feasible for high-speed network nodes.","PeriodicalId":319736,"journal":{"name":"GLOBECOM '05. IEEE Global Telecommunications Conference, 2005.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"GLOBECOM '05. IEEE Global Telecommunications Conference, 2005.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/GLOCOM.2005.1577961","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 19
Abstract
It is now a fact that manual defenses against worm epidemics are not practical. Recently, various automatic worm identification methods have been proposed to be deployed at high-speed network nodes to respond in time to fast infection rates of worms. Unfortunately, these methods can easily be evaded by fragmentation of the worm packets. The straightforward defragmentation method is not applicable for these high-speed nodes, due to its high storage (memory) requirement. In this paper, this problem, namely the multi-packet signature detection problem, is addressed using a defragmentation-free, space-efficient solution. A new data structure - prefix bloom filters - along with a new heuristic, called the chain heuristic, is proposed to significantly reduce the storage requirement of the problem, so that multi-packet signature detection becomes feasible for high-speed network nodes.