Packet content inspection: Repetition-based methodologies and hardware implementation.
Record Type: Language materials, printed : Monograph/item
Title/Author: Packet content inspection: Repetition-based methodologies and hardware implementation.
Author: Faezipour, Miad.
Description: 165 p.
Notes: Source: Dissertation Abstracts International, Volume: 71-08, Section: B, page: 5013.
Contained By: Dissertation Abstracts International 71-08B.
Subject: Engineering, Computer.
Online resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3414903
ISBN: 9781124096629
Thesis (Ph.D.)--The University of Texas at Dallas, 2010.
Today's network intrusion detection systems (NIDS) are expected to thoroughly analyze packet contents to identify any traces of suspicious activities such as worms or viruses. Internet threats are either completely new and unknown, or previously known. In the former, we deal with identifying worm outbreaks never seen before, while the latter deals with scanning data packets to find traces of previously known or pre-defined worm signatures. In this dissertation, both cases are addressed. The main contribution of our work is twofold. First, we look for frequently repeated strings in a packet stream to detect worm outbreaks. A novel real-time worm outbreak detection system using two-phase hashing is proposed. We use the concept of shared counters to minimize the memory cost while efficiently sifting through packet contents to find suspicious strings. We have implemented our system on reconfigurable hardware and have tested it for various settings and packet stream sizes. Experimental results verify that our system can support line speed of gigabit-rates with negligible false positive and false negative. Second, we investigate a more efficient implementation of NIDS rules using regular expressions that represent suspicious or malicious character sequences in packet payloads. We introduce a new building block based on Non-deterministic Finite Automata (NFA) hardware implementation to support complex constraint repetitions in regular expressions. We report results of hardware implementation that verify the overall performance. In the final part of this dissertation, we investigate practical applications of the proposed algorithms, mainly biomedical signal classification and various networking applications that require some abnormality/irregularity detection.
LDR :02990nam 2200289 4500
001 1401273
005 20111017083859.5
008 130515s2010 ||||||||||||||||| ||eng d
020 $a 9781124096629
035 $a (UMI)AAI3414903
035 $a AAI3414903
040 $a UMI $c UMI
100 1 $a Faezipour, Miad. $3 1680398
245 1 0 $a Packet content inspection: Repetition-based methodologies and hardware implementation.
300 $a 165 p.
500 $a Source: Dissertation Abstracts International, Volume: 71-08, Section: B, page: 5013.
500 $a Adviser: Mehrdad Nourani.
502 $a Thesis (Ph.D.)--The University of Texas at Dallas, 2010.
520 $a Keywords: Network intrusion detection system, repeated strings, hashing, shared counters, false positive, false negative, worm outbreak, non-deterministic finite automata, regular expression, constraint repetition inspection, vehicle-area-networks, biomedical signal classification.
590 $a School code: 0382.
650 4 $a Engineering, Computer. $3 1669061
650 4 $a Engineering, Electronics and Electrical. $3 626636
690 $a 0464
690 $a 0544
710 2 $a The University of Texas at Dallas. $3 1018411
773 0 $t Dissertation Abstracts International $g 71-08B.
790 1 0 $a Nourani, Mehrdad, $e advisor
790 $a 0382
791 $a Ph.D.
792 $a 2010
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3414903
Inventory Number: W9164412
Location Name: Electronic resources
Item Class: 11.Online viewing_V
Material type: E-book
Call number: EB
Usage Class: General use (Normal)
Loan Status: On shelf
No. of reservations: 0