Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection (Technical Report)

October 24, 2017 ยท The Ethereal ยท ๐Ÿ› International Journal on Software Tools for Technology Transfer (STTT)

๐Ÿ”ฎ THE ETHEREAL: The Ethereal
Pure theory โ€” exists on a plane beyond code

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Milan Ceska, Vojtech Havlena, Lukas Holik, Ondrej Lengal, Tomas Vojnar arXiv ID 1710.08647 Category cs.FL: Formal Languages Cross-listed cs.LO, cs.NI Citations 21 Venue International Journal on Software Tools for Technology Transfer (STTT) Last Checked 1 month ago
Abstract
We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes). We define an error distance of a reduced automaton from the original one as the probability of packets being incorrectly classified by the reduced automaton (wrt the probabilistic distribution of packets in the network traffic). We use this notion to design an approximate reduction procedure that achieves a great size reduction (much beyond the state-of-the-art language-preserving techniques) with a controlled and small error. We have implemented our approach and evaluated it on use cases from Snort, a popular NIDS. Our results provide experimental evidence that the method can be highly efficient in practice, allowing NIDSes to follow the rapid growth in the speed of networks.
Community shame:
Not yet rated
๐Ÿ“„ View on arXiv ๐ŸŒ View on ar5iv ๐Ÿ“‘ PDF ๐ŸŽ‰ Report Code Found
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

๐Ÿ“œ Similar Papers

In the same crypt โ€” Formal Languages