Publication result detail

Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection

ČEŠKA, M.; HAVLENA, V.; HOLÍK, L.; LENGÁL, O.; VOJNAR, T.

Original title

Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection

English title

Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection

Type

Paper in proceedings indexed in the WoS or Scopus database

Original abstract

We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes). We define an error distance of a reduced automaton from the original one as the probability of packets being incorrectly classified by the reduced automaton (wrt the probabilistic distribution of packets in the network traffic). We use this notion to design an approximate reduction procedure that achieves a great size reduction (much beyond the state-of-the-art language preserving techniques) with a controlled and small error. We have implemented our approach and evaluated it on use cases from Snort, a popular NIDS. Our results provide experimental evidence that the method can be highly efficient in practice, allowing NIDSes to follow the rapid growth in the speed of networks.

English abstract

We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes). We define an error distance of a reduced automaton from the original one as the probability of packets being incorrectly classified by the reduced automaton (wrt the probabilistic distribution of packets in the network traffic). We use this notion to design an approximate reduction procedure that achieves a great size reduction (much beyond the state-of-the-art language preserving techniques) with a controlled and small error. We have implemented our approach and evaluated it on use cases from Snort, a popular NIDS. Our results provide experimental evidence that the method can be highly efficient in practice, allowing NIDSes to follow the rapid growth in the speed of networks.

Keywords

approximate reduction, probabilistic distance, finite automata, probabilistic automaton, network intrusion detection

Keywords in English

approximate reduction, probabilistic distance, finite automata, probabilistic automaton, network intrusion detection

Authors

ČEŠKA, M.; HAVLENA, V.; HOLÍK, L.; LENGÁL, O.; VOJNAR, T.

RIV year

2019

Published

23.02.2018

Publisher

Springer Verlag

Place

Thessaloniki

Book

Proceedings of TACAS'18

ISSN

0302-9743

Periodical

Lecture Notes in Computer Science

Volume

10806

Number

2

Country

Federal Republic of Germany

Pages from

155

Pages to

175

Page count

18

URL

Full text in the Digital Library

BibTex

@inproceedings{BUT147192,
  author="Milan {Češka} and Vojtěch {Havlena} and Lukáš {Holík} and Ondřej {Lengál} and Tomáš {Vojnar}",
  title="Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection",
  booktitle="Proceedings of TACAS'18",
  year="2018",
  journal="Lecture Notes in Computer Science",
  volume="10806",
  number="2",
  pages="155--175",
  publisher="Springer Verlag",
  address="Thessaloniki",
  doi="10.1007/978-3-319-89963-3_9",
  issn="0302-9743",
  url="https://www.fit.vut.cz/research/publication/11657/"
}

Documents