RICS‐DFA: a space and time‐efficient signature matching algorithm with Reduced Input Character Set

Tang, Qiu; Jiang, Lei; Dai, Qiong; Su, Majing; Xie, Hongtao; Fang, Binxing

doi:10.1002/cpe.3940

Cited by 4 publications

(2 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most studies have focused on compression technologies [ 25 , 26 , 27 , 28 , 29 , 30 , 31 , 32 ] to restrain the DFA expansion problem. Classical compression algorithms such as D

FA [ 25 ] and A-DFA [ 26 ] were devised to reduce the space cost of DFA with performance guarantees.…”

Section: Introductionmentioning

confidence: 99%

Offset-FA: A Uniform Method to Handle Both Unbounded and Bounded Repetitions in Regular Expression Matching

Yu²,

Xu³

et al. 2022

Sensors

View full text Add to dashboard Cite

With the exponential growth of cyber–physical systems (CPSs), security challenges have emerged; attacks on critical infrastructure could result in catastrophic consequences. Intrusion detection is the foundation for CPS security protection, and deep-packet inspection is the primary method for signature-matched mechanisms. This method usually employs regular expression matching (REM) to detect possible threats in the packet payload. State explosion is the critical challenge for REM applications, which originates primarily from features of large character sets with unbounded (closures) or bounded (counting) repetitions. In this work, we propose Offset-FA to handle these repetitions in a uniform mechanism. Offset-FA eliminates state explosion by extracting the repetitions from the nonexplosive string fragments. Then, these fragments are compiled into a fragment-DFA, while a fragment relation table and a reset table are constructed to preserve their connection and offset relationship. To our knowledge, Offset-FA is the first automaton to handle these two kinds of repetitions together with a uniform mechanism. Experiments demonstrate that Offset-FA outperforms state-of-the-art solutions in both space cost and matching speed on the premise of matching correctness, and achieves a comparable matching speed with that of DFA on practical rule sets.

show abstract

“…Most studies have focused on compression technologies [ 25 , 26 , 27 , 28 , 29 , 30 , 31 , 32 ] to restrain the DFA expansion problem. Classical compression algorithms such as D

FA [ 25 ] and A-DFA [ 26 ] were devised to reduce the space cost of DFA with performance guarantees.…”

Section: Introductionmentioning

confidence: 99%

Offset-FA: A Uniform Method to Handle Both Unbounded and Bounded Repetitions in Regular Expression Matching

Yu²,

Xu³

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…In , Tang et al proposed an optimization algorithm to improve the efficiency in traffic classification system, network monitoring system and network intrusion detection system (NIDS). More specifically, they introduced a character escaping and replacing scheme to decrease the size of DFA's character set and to reduce DFA's space requirement through optimization.…”

mentioning

confidence: 99%

New advances in securing cyberspace and curbing crowdturfing

Niu

Batten

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

EDITORIAL New advances in securing cyberspace and curbing crowdturfingCyberspace is reshaping the way businesses manage their sales and marketing assets. Unlike traditional media, such as TV, radio or newspapers, social media is characterized by freely available user-generated content. In addition to gaining phenomenal popularity as the web becomes accessible via all sorts of devices, they also have a strong influence on brands, making social media a force that many businesses can no longer ignore. However, among these network applications and services, it has been reported that some public relations companies hired people to post product comments on different online communities and social networks, without even consuming the services or products. While online paid posters can be used as an efficient e-marketing strategy, they can also act maliciously by spreading gossip or negative information about competitors. More specifically, a group of paid posters could operate with well-coordinated attacks and generate a desired result of positive or negative opinions, to attract attention or trigger curiosity. This kind of suspicious online behavior is known as 'crowdturfing' or 'astroturfing', which may mislead the public perception and bring a negative effect on both the Internet users and society.Technically, crowdturfing is closely related with other known suspicious online behaviors: spam email, fake review, social spam and link farming. Therefore, how to exploit the characteristics and behavior patterns of crowdturfing from the massive user information and user-generated content has become a challenging task. The research field is very extensive, and as a result, recent years have witnessed increasing research attentions on curbing crowdturfing in social networks like contentbased method, behavior-based methods, social relation-based methods and applications and open case study. This trend raised the need for launching this special issue, and we solicit the recent theoretical and application output in curbing crowdturfing. Based on the invited extension of the best work in the International Conference on Applications and Techniques in Information Security and an open call, four submissions have been accepted to best illustrate the recent directions and perspectives.The papers in this issue report a variety of methods in securing cyberspace and curbing crowdturfing and mainly involve the following aspects: the security algorithm optimization, the encryption scheme, abnormal behavior discovering and ciphertext update. These work proposed more security and efficiency schemes in various kinds of crowdturfing detection, traffic classification and monitoring systems, meanwhile against selective identity adaptively chosen-message attacks. Here, we provide an integrative perspective of this special issue, by summarizing each contribution contained therein.In [1], Tang et al. proposed an optimization algorithm to improve the efficiency in traffic classification system, network monitoring system and network intrusion detec...

show abstract