XFA: Faster Signature Matching with Extended Automata

14 years 5 months ago

Download pages.cs.wisc.edu

Automata-based representations and related algorithms have been applied to address several problems in information security, and often the automata had to be augmented with additional information. For example, extended ﬁnite-state automata (EFSA) augment ﬁnitestate automata (FSA) with variables to track dependencies between arguments of system calls. In this paper, we introduce extended ﬁnite automata (XFAs) which augment FSAs with ﬁnite scratch memory and instructions to manipulate this memory. Our primary motivation for introducing XFAs is signature matching in Network Intrusion Detection Systems (NIDS). Representing NIDS signatures as deterministic ﬁnite-state automata (DFAs) results in very fast signature matching but for several classes of signatures DFAs can blowup in space. Using nondeterministic ﬁnite-state automata (NFA) to represent NIDS signatures results in a succinct representation but at the expense of higher time complexity for signature matching. In other w...

Randy Smith, Cristian Estan, Somesh Jha

Real-time Traffic

NIDS Signatures | Security Privacy | Signature Matching | SP 2008 | ﬁnite-state Automata |

claim paper

Post Info
More Details (n/a)

Added	01 Jun 2010
Updated	01 Jun 2010
Type	Conference
Year	2008
Where	SP
Authors	Randy Smith, Cristian Estan, Somesh Jha

Comments (0)

Sciweavers

XFA: Faster Signature Matching with Extended Automata

NIDS Signatures | Security Privacy | Signature Matching | SP 2008 | ﬁnite-state Automata |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers