| 网络入侵检测中多模式匹配的状态编码方法 |
| |
| 引用本文: | 吴碧海,赵有健. 网络入侵检测中多模式匹配的状态编码方法[J]. 清华大学学报(自然科学版), 2009, 49(4): 612-615 |
| |
| 作者姓名: | 吴碧海 赵有健 |
| |
| 作者单位: | 清华大学计算机科学与技术系,北京,100084;清华大学计算机科学与技术系,北京,100084 |
| |
| 基金项目: | 国家自然科学基金资助项目(90604029,60773150);;国家“八六三”高新技术项目(2007AA01Z219) |
| |
| 摘 要: | 为了减少网络入侵检测系统的硬件实现方案中自动机占用的存储容量,提出了一种自动机状态的编码方法。该方法通过对自动机状态重新进行编号,使得多个状态能够用一个通配编号来表示,这样自动机中具有相同输入和下一状态的多条变迁就能被聚合为一条,大大减小了需要存储的变迁数目。可以证明状态编码方法能够将变迁数目减小到理论上最小值同时保证自动机恒定的处理速率。实验表明,对于常见特征串集,该方法可以将变迁数目减小98.9%以上。
|
| 关 键 词: | 网络入侵检测系统 多模式匹配 状态编码 自动机 |
State encoding for multi-pattern matching for network intrusion detection |
| |
| WU Bihai,ZHAO Youjian. State encoding for multi-pattern matching for network intrusion detection[J]. Journal of Tsinghua University(Science and Technology), 2009, 49(4): 612-615 |
| |
| Authors: | WU Bihai ZHAO Youjian |
| |
| Affiliation: | Department of Computer Science & Technology;Tsinghua University;Beijing 100084;China |
| |
| Abstract: | A state encoding scheme was developed to reduce the storage for the Deterministic Finite Automaton(DFA) in hardware-based Network Intrusion Detection System(NIDS).The scheme greatly reduces the number of transitions by re-encoding the DFA states so that multiple states can be represented by one number and transitions with the same input to the next state can be combined into one transfer.Theoretical analyses prove that this state encoding scheme minimizes the number of transitions while maintaining the best... |
| |
| Keywords: | NIDS multi-pattern matching state encoding DFA |
| 本文献已被 CNKI 万方数据 等数据库收录! |
