Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection
Přibližná redukce konečných automatů pro detekci útoků ve vysokorychlostních sítích
| dc.contributor.author | Češka, Milan | cs |
| dc.contributor.author | Havlena, Vojtěch | cs |
| dc.contributor.author | Holík, Lukáš | cs |
| dc.contributor.author | Lengál, Ondřej | cs |
| dc.contributor.author | Vojnar, Tomáš | cs |
| dc.date.accessioned | 2020-10-29T10:05:36Z | |
| dc.date.available | 2020-10-29T10:05:36Z | |
| dc.date.issued | 2018-02-23 | cs |
| dc.identifier.citation | Lecture Notes in Computer Science. 2018, vol. 10806, issue 2, p. 155-175. | en |
| dc.identifier.issn | 0302-9743 | cs |
| dc.identifier.other | 147192 | cs |
| dc.identifier.uri | http://hdl.handle.net/11012/195256 | |
| dc.description.abstract | We consider the problem of approximate reduction of non-deterministic automata that appear in hardware-accelerated network intrusion detection systems (NIDSes). We define an error distance of a reduced automaton from the original one as the probability of packets being incorrectly classified by the reduced automaton (wrt the probabilistic distribution of packets in the network traffic). We use this notion to design an approximate reduction procedure that achieves a great size reduction (much beyond the state-of-the-art language preserving techniques) with a controlled and small error. We have implemented our approach and evaluated it on use cases from Snort , a popular NIDS. Our results provide experimental evidence that the method can be highly efficient in practice, allowing NIDSes to follow the rapid growth in the speed of networks. | en |
| dc.description.abstract | Článek se zaobírá přibližnou redukcí konečných automatů pro detekci útoků ve vysokorychlostních sítích. | cs |
| dc.format | text | cs |
| dc.format.extent | 155-175 | cs |
| dc.format.mimetype | application/pdf | cs |
| dc.language.iso | en | cs |
| dc.publisher | Springer Verlag | cs |
| dc.relation.ispartof | Lecture Notes in Computer Science | cs |
| dc.relation.uri | https://www.fit.vut.cz/research/publication/11657/ | cs |
| dc.rights | Creative Commons Attribution 4.0 International | cs |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | cs |
| dc.subject | approximate reduction | en |
| dc.subject | probabilistic distance | en |
| dc.subject | finite automata | en |
| dc.subject | probabilistic automaton | en |
| dc.subject | network intrusion detection | en |
| dc.title | Approximate Reduction of Finite Automata for High-Speed Network Intrusion Detection | en |
| dc.title.alternative | Přibližná redukce konečných automatů pro detekci útoků ve vysokorychlostních sítích | cs |
| thesis.grantor | Vysoké učení technické v Brně. Fakulta informačních technologií. Ústav inteligentních systémů | cs |
| sync.item.dbid | VAV-147192 | en |
| sync.item.dbtype | VAV | en |
| sync.item.insts | 2022.10.03 12:53:33 | en |
| sync.item.modts | 2022.10.03 12:14:45 | en |
| dc.coverage.issue | 2 | cs |
| dc.coverage.volume | 10806 | cs |
| dc.identifier.doi | 10.1007/978-3-319-89963-3_9 | cs |
| dc.rights.access | openAccess | cs |
| dc.rights.sherpa | http://www.sherpa.ac.uk/romeo/issn/0302-9743/ | cs |
| dc.type.driver | conferenceObject | en |
| dc.type.status | Peer-reviewed | en |
| dc.type.version | publishedVersion | en |
Files in this item
This item appears in the following Collection(s)
Except where otherwise noted, this item's license is described as Creative Commons Attribution 4.0 International