: Most intrusion detection systems deployed today apply misuse detection as analysis method. Misuse detection searches for attack traces in the recorded audit data using predefined...
Deterministic Finite Automaton (DFA) is well-known for its constant matching speed in worst case, and widely used in multistring matching, which is a critical technique in high pe...
Junchen Jiang, Yi Tang, Bin Liu, Xiaofei Wang, Yan...
Abstract— Several network security and QoS applications require detecting multiple string matches in the packet payload by comparing it against predefined pattern set. This proc...
Meeta Yadav, Ashwini Venkatachaliah, Paul D. Franz...
—This paper presents a family of bitmap algorithms that address the problem of counting the number of distinct header patterns (flows) seen on a high-speed link. Such counting c...
Alert correlation is an important technique for managing large the volume of intrusion alerts that are raised by heterogenous Intrusion Detection Systems (IDSs). The recent trend ...