Sciweavers

Share
SIGCOMM
2010
ACM

NetShield: massive semantics-based vulnerability signature matching for high-speed networks

9 years 2 months ago
NetShield: massive semantics-based vulnerability signature matching for high-speed networks
Accuracy and speed are the two most important metrics for Network Intrusion Detection/Prevention Systems (NIDS/NIPSes). Due to emerging polymorphic attacks and the fact that in many cases regular expressions (regexes) cannot capture the vulnerability conditions accurately, the accuracy of existing regex-based NIDS/NIPS systems has become a serious problem. In contrast, the recently-proposed vulnerability signatures [10, 29] (a.k.a. data patches) can exactly describe the vulnerability conditions and achieve better accuracy. However, how to efficiently apply vulnerability signatures to high speed NIDS/NIPS with a large ruleset remains an untouched but challenging issue. This paper presents the first systematic design of vulnerability signature based parsing and matching engine, NetShield, which achieves multi-gigabit throughput while offering much better accuracy. Particularly, we made the following contributions: (i) we proposed a candidate selection algorithm which efficiently matches...
Zhichun Li, Gao Xia, Hongyu Gao, Yi Tang, Yan Chen
Added 06 Dec 2010
Updated 06 Dec 2010
Type Conference
Year 2010
Where SIGCOMM
Authors Zhichun Li, Gao Xia, Hongyu Gao, Yi Tang, Yan Chen, Bin Liu, Junchen Jiang, Yuezhou Lv
Comments (0)
books