Methods of improvement effectiveness for high-speed packet classifying

  • Юрій Володимирович Бойко
  • Костянтин Сергійович Дєєв
Keywords: network monitoring; traffic analysis; packet classifying; intrusion detection system

Abstract

The article describes the methods and approaches chosen for developing network traffic classifiers. These tools, which can serve as detectors of abnormal activity, are based on an implementation of the Aho-Corasick algorithm. The main part of the work surveys ways to improve classifier efficiency and to minimize the processing time needed to determine the traffic class to which a particular network packet belongs. The conclusions can be used to build a distributed classification system with an optimal architecture.

Published
2014-03-11
How to Cite
Бойко, Ю. В., & Дєєв, К. С. (2014). Methods of improvement effectiveness for high-speed packet classifying. Bulletin of V.N. Karazin Kharkiv National University, Series «Mathematical Modeling. Information Technology. Automated Control Systems», 25(1131), 5-12. Retrieved from https://periodicals.karazin.ua/mia/article/view/14226
Section
Articles