R&D Result Detail

Original Title

Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection

English Title

Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection

Type

Paper in proceedings (conference paper)

Original Abstract

We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes). We define an error distance of a reduced automaton from the original one as the probability of packets being incorrectly classified by the reduced automaton (wrt the probabilistic distribution of packets in the network traffic). We use this notion to design an approximate reduction procedure that achieves a great size reduction (much beyond the state-of-the-art language preserving techniques) with a controlled and small error. We have implemented our approach and evaluated it on use cases from Snort , a popular NIDS. Our results provide experimental evidence that the method can be highly efficient in practice, allowing NIDSes to follow the rapid growth in the speed of networks.

English abstract

We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes). We define an error distance of a reduced automaton from the original one as the probability of packets being incorrectly classified by the reduced automaton (wrt the probabilistic distribution of packets in the network traffic). We use this notion to design an approximate reduction procedure that achieves a great size reduction (much beyond the state-of-the-art language preserving techniques) with a controlled and small error. We have implemented our approach and evaluated it on use cases from Snort , a popular NIDS. Our results provide experimental evidence that the method can be highly efficient in practice, allowing NIDSes to follow the rapid growth in the speed of networks.

Keywords

approximate reduction, probabilistic distance, finite automata, probabilistic automaton, network intrusion detection

Key words in English

approximate reduction, probabilistic distance, finite automata, probabilistic automaton, network intrusion detection

Authors

ČEŠKA, M.; HAVLENA, V.; HOLÍK, L.; LENGÁL, O.; VOJNAR, T.

RIV year

2019

Released

23.02.2018

Publisher

Springer Verlag

Location

Thessaloniki

Book

Proceedings of TACAS'18

ISBN

0302-9743

Periodical

Lecture Notes in Computer Science

Volume

10806

Number

2

State

Federal Republic of Germany

Pages from

155

Pages to

175

Pages count

18

URL

https://www.fit.vut.cz/research/publication/11657/

Full text in the Digital Library

http://hdl.handle.net/11012/195256

BibTex

@inproceedings{BUT147192,
  author="Milan {Češka} and Vojtěch {Havlena} and Lukáš {Holík} and Ondřej {Lengál} and Tomáš {Vojnar}",
  title="Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection",
  booktitle="Proceedings of TACAS'18",
  year="2018",
  journal="Lecture Notes in Computer Science",
  volume="10806",
  number="2",
  pages="155--175",
  publisher="Springer Verlag",
  address="Thessaloniki",
  doi="10.1007/978-3-319-89963-3\{_}9",
  issn="0302-9743",
  url="https://www.fit.vut.cz/research/publication/11657/"
}

Documents

Ceska2018_Chapter_ApproximateReductionOfFiniteAu
978-3-319-89963-3_9

VUT

Faculties and university institutes

Parts

Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection