Network intrusion detection systems (NIDSs) are one of the latest developments in security. The matching of packet strings against collected signatures dominates signature-based NIDS performance. Network processors are also one of the fastest growing segments of the semiconductor market, because they are designed to provide scalable and flexible solutions that can accommodate change quickly and economically. This work presents a fast string-matching algorithm (called FNP) over the network processor platform that matches sets of patterns in parallel. This design also supports numerous practical features such as case-sensitive string matching, signature prioritization, and multiple-content signatures. This efficient multiple-pattern matching algorithm utilizes the hardware facilities provided by typical network processors instead of employing external lookup co-processors. To verify the efficiency and practicability of the proposed algorithm, it was implemented on the Vitesse IQ2000 network processor platform. The search patterns used in the present experiments are derived from the well-known Snort ruleset cited by most open-source and commercial NIDSs. This work shows that combining our string-matching methodology, the hashing engine supported by most network processors, and the characteristics of current Snort signatures frequently improves performance and reduces the number of memory accesses compared to conventional string-matching algorithms. Another contribution of this work is to highlight that, besides the total number of search patterns, the shortest pattern length is also a major influence on NIDS multipattern matching algorithm performance.
Stateful tracking is a popular technique in firewall filtering, and state replication is used to provide reliable connectivity. This paper proposes a new approach for improving existing state replication protocols, which ensure state consistency amongst the nodes of a stateful HA cluster. Our goal is to develop a new scheme which reduces the update overhead in the face of both low and high connection loads in order to maximize the capacity and scalability of a high availability cluster. A new representation called flow digest is proposed. Ways to use flow digest structures to update state changes, recover the connections after a failover, and solve the state inconsistency are also presented. The main advantage of the proposed method is to reduce the bandwidth consumption on state replication. The simulation results show that the proposed scheme reduces the number of update messages and, more importantly, eliminates typically at least 86% of bandwidth consumption compared to current solutions.
Network Intrusion Detection Systems (NIDS) monitor packets on the network and attempt to discover if a hacker is attempting to break into a system. The matching of packet strings against collected signatures dominates signature-based NIDS performance. Network Processors are one of the fastest growing segments of the semiconductor market, because they are designed to provide scalable and flexible solutions that can accommodate change quickly and economically. This work presents a fast string matching algorithm (called FNP) over the Network Processor platform that matches sets of patterns in parallel. FNP needs fewer memory accesses than conventional pattern-matching algorithms. Another contribution of this work is to highlight that, besides the total number of search patterns, the shortest pattern length is also a major influence on NIDS multi-pattern matching algorithm performance.