Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary Compression
Packet content scanning is one of the crucial threats to network security and network monitoring applications. In monitoring applications, payload of packets in a network is matched against the set of patterns in order to detect attacks like worms, viruses, and protocol definitions. During network t...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Hindawi Limited
2014-01-01
|
| Series: | Journal of Computer Networks and Communications |
| Online Access: | http://dx.doi.org/10.1155/2014/206867 |
| id |
doaj-25c23c54e0114b68b49af73e10416822 |
|---|---|
| record_format |
Article |
| spelling |
doaj-25c23c54e0114b68b49af73e104168222020-11-24T21:54:04ZengHindawi LimitedJournal of Computer Networks and Communications2090-71412090-715X2014-01-01201410.1155/2014/206867206867Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary CompressionDivya Selvaraj0Padmavathi Ganapathi1Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women, Coimbatore 641043, IndiaDepartment of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women, Coimbatore 641043, IndiaPacket content scanning is one of the crucial threats to network security and network monitoring applications. In monitoring applications, payload of packets in a network is matched against the set of patterns in order to detect attacks like worms, viruses, and protocol definitions. During network transfer, incoming and outgoing packets are monitored in depth to inspect the packet payload. In this paper, the regular expressions that are basically string patterns are analyzed for packet payloads in detecting worms. Then the grouping scheme for regular expression matching is rewritten using Deterministic Finite Automaton (DFA). DFA achieves better processing speed during regular expression matching. DFA requires more memory space for each state. In order to reduce memory utilization, decompression technique is used. Delayed Dictionary Compression (DDC) is applied for achieving better speeds in the communication links. DDC achieves decoding latency during compression of payload packets in the network. Experimental results show that the proposed approach provides better time consumption and memory utilization during detection of Internet worm attacks.http://dx.doi.org/10.1155/2014/206867 |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Divya Selvaraj Padmavathi Ganapathi |
| spellingShingle |
Divya Selvaraj Padmavathi Ganapathi Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary Compression Journal of Computer Networks and Communications |
| author_facet |
Divya Selvaraj Padmavathi Ganapathi |
| author_sort |
Divya Selvaraj |
| title |
Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary Compression |
| title_short |
Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary Compression |
| title_full |
Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary Compression |
| title_fullStr |
Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary Compression |
| title_full_unstemmed |
Packet Payload Monitoring for Internet Worm Content Detection Using Deterministic Finite Automaton with Delayed Dictionary Compression |
| title_sort |
packet payload monitoring for internet worm content detection using deterministic finite automaton with delayed dictionary compression |
| publisher |
Hindawi Limited |
| series |
Journal of Computer Networks and Communications |
| issn |
2090-7141 2090-715X |
| publishDate |
2014-01-01 |
| description |
Packet content scanning is one of the crucial threats to network security and network monitoring applications. In monitoring applications, payload of packets in a network is matched against the set of patterns in order to detect attacks like worms, viruses, and protocol definitions. During network transfer, incoming and outgoing packets are monitored in depth to inspect the packet payload. In this paper, the regular expressions that are basically string patterns are analyzed for packet payloads in detecting worms. Then the grouping scheme for regular expression matching is rewritten using Deterministic Finite Automaton (DFA). DFA achieves better processing speed during regular expression matching. DFA requires more memory space for each state. In order to reduce memory utilization, decompression technique is used. Delayed Dictionary Compression (DDC) is applied for achieving better speeds in the communication links. DDC achieves decoding latency during compression of payload packets in the network. Experimental results show that the proposed approach provides better time consumption and memory utilization during detection of Internet worm attacks. |
| url |
http://dx.doi.org/10.1155/2014/206867 |
| work_keys_str_mv |
AT divyaselvaraj packetpayloadmonitoringforinternetwormcontentdetectionusingdeterministicfiniteautomatonwithdelayeddictionarycompression AT padmavathiganapathi packetpayloadmonitoringforinternetwormcontentdetectionusingdeterministicfiniteautomatonwithdelayeddictionarycompression |
| _version_ |
1725869187256025088 |