Multi-packet signature detection using prefix bloom filters

N. Sertac Artan, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

It is now a fact that manual defenses against worm epidemics are not practical. Recently, various automatic worm identification methods are proposed to be deployed at highspeed network nodes to respond in time to fast infection rates of worms. Unfortunately, these methods can easily be evaded by fragmentation of the worm packets. The straightforward defragmentation method is not applicable for these high-speed nodes, due to its high storage (memory) requirement. In this paper, this problem, namely the multi-packet signature detection problem is addressed using a defragmentation-free, spaceefficient solution. A new data structure - Prefix Bloom Filters along with a new heuristic, called the chain heuristic is proposed to significantly reduce the storage requirement of the problem, so that multi-packet signature detection becomes feasible for highspeed network nodes.

Original languageEnglish (US)
Title of host publicationGLOBECOM'05
Subtitle of host publicationIEEE Global Telecommunications Conference, 2005
Pages1811-1816
Number of pages6
DOIs
StatePublished - 2005
EventGLOBECOM'05: IEEE Global Telecommunications Conference, 2005 - St. Louis, MO, United States
Duration: Nov 28 2005Dec 2 2005

Publication series

NameGLOBECOM - IEEE Global Telecommunications Conference
Volume3

Other

OtherGLOBECOM'05: IEEE Global Telecommunications Conference, 2005
Country/TerritoryUnited States
CitySt. Louis, MO
Period11/28/0512/2/05

ASJC Scopus subject areas

  • General Engineering

Fingerprint

Dive into the research topics of 'Multi-packet signature detection using prefix bloom filters'. Together they form a unique fingerprint.

Cite this