Highly compressed Aho-Corasick automata for efficient intrusion detection

Zha, Xinyan; Sahni, Sartaj

doi:10.1109/iscc.2008.4625587

Cited by 6 publications

(2 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For this purpose the Aho-Corasick algorithm [10] is employed because it is a multi-pattern matching algorithm and it is scalable too [15]. Given a set of bot commands, as the pattern to search for, in the arriving IRC packets, the algorithm constructs a non-deterministic finite automation (NFA), which is employed to match all patterns at once.…”

Section: Detection Using Aho-corasick Nfamentioning

confidence: 99%

Lightweight C&C based botnet detection using Aho-Corasick NFA

Udhayan

Anitha²,

Hamsapriya³

2010

IJNSA

View full text Add to dashboard Cite

Botnet distinguishes itself from the previous malware by having the characteristics of a C&C channel, using which a Botmaster can control the constituents of the botnet. Even though protocols like IRC, HTTP and DNS are exploited to incorporate C&C channels, previous analysis have shown that the majority of the botnets are usually based on IRC. Consequently in this paper the Aho-Corasick NFA based detection is proposed to detect the C&C instructions which is exchanged in IRC run botnets. However the ability to detect botnet is limited to the existing bot commands. Therefore a counting process which analyses every IRC messages is introduced to detect the existence of malicious codes. This detection method and various existing methods have been evaluated using real-world network traces. The results show that the proposed C&C Instruction based IRC detection method can detect real-world botnets with high accuracy.

show abstract

Section: Detection Using Aho-corasick Nfamentioning

confidence: 99%

Lightweight C&C based botnet detection using Aho-Corasick NFA

Udhayan

Anitha²,

Hamsapriya³

2010

IJNSA

View full text Add to dashboard Cite

show abstract

“…As a result, DFAs are extensively used in many practical string processing applications that relate to the regular languages. These include searching through natural language texts (Drozdek, 2008, p. 702), network intrusion detection (Roesch, 1999;Zha & Sahni, 2008), lexical analysis (Aho, Lam, Sethi, & Ullman, 2006;Lesk & Schmidt, 1990) and biological sequence data processing (Roy & Aluru, 2014).…”

Section: Introductionmentioning

confidence: 99%

An Assessment of Algorithms for Deriving Failure Deterministic Finite Automata

Nxumalo

Kourie

Cleophas

et al. 2017

SACJ

View full text Add to dashboard Cite

Failure deterministic finite automata (FDFAs) represent regular languages more compactly than deterministic finite automata (DFAs). Four algorithms that convert arbitrary DFAs to language-equivalent FDFAs are empirically investigated. Three are concrete variants of a previously published abstract algorithm, the DFA-Homomorphic Algorithm (DHA). The fourth builds a maximal spanning tree from the DFA to derive what it calls a delayed input DFA. A first suite of test data consists of DFAs that recognise randomised sets of finite length keywords. Since the classical Aho-Corasick algorithm builds an optimal FDFA from such a set (and only from such a set), it provides benchmark FDFAs against which the performance of the general algorithms can be compared. A second suite of test data consists of random DFAs generated by a specially designed algorithm that also builds language-equivalent FDFAs, some of which may have non-divergent cycles. These random FDFAs provide (not necessarily tight) lower bounds for assessing the effectiveness of the four general FDFA generating algorithms.

show abstract

An Efficient AC Algorithm with GPU

Wei

Wang

et al. 2012

Procedia Engineering

View full text Add to dashboard Cite

Highly compressed Aho-Corasick automata for efficient intrusion detection

Cited by 6 publications

References 22 publications

Lightweight C&C based botnet detection using Aho-Corasick NFA

Lightweight C&C based botnet detection using Aho-Corasick NFA

An Assessment of Algorithms for Deriving Failure Deterministic Finite Automata

An Efficient AC Algorithm with GPU

Contact Info

Product

Resources

About