Multi-packet signature detection using prefix bloom filters

Author

Artan, N. Sertac ; Chao, H. Jonathan

Author_Institution

Dept. of Electr. & Comput. Eng., Polytech. Univ. Brooklyn, NY, USA

Volume

3

fYear

2005

fDate

28 Nov.-2 Dec. 2005

Abstract

It is now a fact that manual defenses against worm epidemics are not practical. Recently, various automatic worm identification methods are proposed to be deployed at high-speed network nodes to respond in time to fast infection rates of worms. Unfortunately, these methods can easily be evaded by fragmentation of the worm packets. The straightforward defragmentation method is not applicable for these high-speed nodes, due to its high storage (memory) requirement. In this paper, this problem, namely the multi-packet signature detection problem is addressed using a defragmentation-free, space-efficient solution. A new data structure - prefix bloom filters - along with a new heuristic, called the chain heuristic is proposed to significantly reduce the storage requirement of the problem, so that multi-packet signature detection becomes feasible for high-speed network nodes.

Keywords

data structures; digital filters; digital signatures; invasive software; automatic worm identification methods; chain heuristic; data structure; defragmentation method; high-speed networks; multipacket signature detection; prefix bloom filters; storage requirement; worm epidemics; worm packets fragmentation; Chaos; Computer crime; Data structures; Filtering; Inspection; Intrusion detection; Matched filters; Payloads; Routing; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Global Telecommunications Conference, 2005. GLOBECOM '05. IEEE

Print_ISBN

0-7803-9414-3

Type

conf

DOI

10.1109/GLOCOM.2005.1577961

Filename

1577961