Signature Matching with Weighted Automata

• Main Authors: Chia-Ming Chang, 張家銘
• Other Authors: 顏嗣鈞
• Format: Others
• Language: en_US
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/46300675488932721560

碩士 === 國立臺灣大學 === 電機工程學研究所 === 98 === The Internet has become popular and easy to use for everyone in the world. Network Intrusion Detection Systems (NIDS) are useful for preventing attacks from malicious users. The automata-based solutions are useful for signature matching in NIDS. Representing NIDS signatures as deterministic finite state automata results in very fast matching speed but the memory usage would blowup, on the other hand, using nondeterministic finite state automata to match signatures results in very small memory usage but slow signature matching. Variant finite state automata have been introduced for signature matching in NIDS in several papers. For example, extended finite automata (XFA) is fast and small memory usage but it needs a manual configuration and large construction time. Another example is multiple-DFA, it provide a mechanism to trade memory usage for time by enforcing an upper bound on the available memory. In this thesis, we introduce another method to match signatures in NIDS by using weighted automata, which is fast and fully automatic. By controlling the semiring of weighted automata we could tune performance and memory usage of the weighted automata. We also provide several algorithms for constructing weighted automata to match signatures.