As part of network security processes, network intrusion detection systems (NIDSs) determine whether incoming packets contain malicious patterns. Pattern matching, the key NIDS component, consumes large amounts of execution time. One of several trends involving general-purpose processors (GPPs) is their use in software-based NIDSs. In this paper, we describe our proposal for an efficient and flexible pattern-matching algorithm for inspecting packet payloads using a head-body finite automaton (HBFA). The proposed algorithm takes advantage of multi-core GPP parallelism and single-instruction multiple-data operations to achieve higher throughput compared to that resulting from traditional deterministic finite automata (DFA) using the Aho-Corasick algorithm. Whereas the head-body matching (HBM) algorithm is based on a pre-defined DFA depth value, our HBFA algorithm is based on head size. Experimental results using Snort and ClamAV pattern sets indicate that the proposed algorithm achieves up to 58% higher throughput compared to its HBM counterpart.
Network applications have been developed quickly during recent years, and communications between these applications involve a large quantity of data transfer through high speed networks. Deep packet inspection (DPI) becomes indispensable to ensure network application-aware security. One of the DPI services is the signature-based network intrusion detection system (NIDS), in which the implementation on software platforms has become a trend due to the advantages of high programmability and low cost. Recently, the graphics processing unit (GPU) is commonly used to accelerate the packet processing because of its superior parallel processing power. Since delivering all packets to GPU causes high data transfer latency and consequently restricts the overall performance, our previous study proposed a mechanism, HPMA, to reduce the effect of transfer bottleneck and achieve higher processing speed. In this paper, we introduce an enhancement of HPMA, a capability-based hybrid CPU/GPU pattern matching algorithm (CHPMA). A preliminary experiment shows that the CHPMA not only performs as efficiently as the HPMA in most cases, but also obtains higher performance gain than the HPMA under unfavorable conditions.
A substation is integral to the functioning of a power grid, enabling the efficient and safe transmission and distribution of electrical energy to meet the demands of consumers. The digital transformation of critical infrastructures, particularly in the electric power sector, such as the emergence of intelligent substations, is a double-edged sword. While it brings about efficiency improvements and consumer-centric advancements, it raises concerns about the heightened vulnerability to cyberattacks. This article proposes a new static-dynamic strategy for host security detection by implementing a system prototype and evaluating its detection accuracy. To reduce the subjectivity in manually selecting features, we combine classified protection for cybersecurity-related standards and construct the requirement generation algorithm to construct a network security detection standard library for the substation host. Based on this, we develop a strategy generation algorithm to match the list of host detection projects to obtain the security detection strategy of the target host. Moreover, we output and analyze the detection logs to obtain a security detection report. The prototype is efficient and effective through practical use, and it serves as a practical tool in substation host security detection. The experiments suggest that the mechanism proposed in our study can operate at a high speed and demonstrates satisfactory performance in terms of detection.
ISBN: (print) 9781665415071
The COVID-19 pandemic has become a challenge to our lives and affects us differently under certain circumstances. This project invites and assists participants in developing their awareness systems for COVID-19. The system comes with a set up consisting of standard information and the necessary coding explained to the participant. The findings are open and shared through an honor system. The awareness system consists of four embedded subsystems known as diagnostics systems, simulation, tracing, and pattern-matching systems. The diagnostic system uses inference rules to generate an outcome by diseases with the same symptoms related to COVID-19. The skeleton for the simulation system works as a game, depicting how the virus enters and interacts with the body's cells with four different scenarios such as involved in defeating the body's cell, defeating the virus, neutral coexistence of the virus and enclosure, and at best, turning into a positive virus. At that stage of defeating the body's cell, the virus will replicate itself by an assigned degree with a recursive behavior. The tracing system traces the COVID-19 and the participant's health using red, green, and blue (RGB) colors. The combination of RGB creates more than 16 million using 24 bits in binary or hexadecimal. The red color reserves for COVID-19, with 16 shades of red for a symptom with a 16 degree of severity. The pattern-matching system's skeleton provides four databases for asymptomatic, mild, severe, and fatal cases. The digitized information will quickly identify the pattern. One database may compare with another database for similarities or differences. The transfer of learning from one system can flow into another, ultimately resulting in a solution pattern. This project's implication will guide others to initiate their participant system to find a way and formulate a solution.
Deep Packet Inspection (DPI) at the core of many monitoring appliances, such as NIDS, NIPS, plays a major *** is beneficial to content providers and censorship to monitor network ***, the surge of network traffic has put tremendous pressure on the performance of *** fact, the sensitive content being monitored is only a minority of network traffic, that is to say, most is undesired. A close look at the network traffic, we found that it contains many undesired high frequency content (UHC) that are not *** everyone knows, the key to improve DPI performance is to skip as many useless characters as ***, researchers generally study the algorithm of skipping useless characters through sensitive content, ignoring the high-frequency non-sensitive *** fill this gap, in this literature, we design a model, named Fast AC Model with Skipping (FAMS), to quickly skip UHC while scanning *** model consists of a standard AC automaton, where the input traffic is scanned byte-by-byte, and an additional sub-model, which includes a mapping set and UHC matching *** mapping set is a bridge between the state node of AC and UHC matching model, while the latter is to select a matching function from hash and fingerprint *** experiments show promising results that we achieve a throughput gain of 1.3-2.6 times the original throughput and 1.1-1.3 times Barr’s double path method.
ISBN: (print) 9781450377447
Data analysis is one of the research hotspots in the field of computer forensics. In the file system of the computer, there are files created and browsed by the user. The file contains information such as user information and transaction processing. This information can help forensic agency solve query valuable information, computer forensics, and other illegal and criminal activities. But how to find valuable information from a large amount of computer data is a major challenge. In order to achieve this goal, this paper proposes an information intelligent search method for computer forensics based on text similarity. This method is divided into two processes. First, information extraction technology is used to obtain the summary and keyword information of each text file on the computer. Then combine text similarity and keyword search algorithm to realize the search and analysis of semantic text. The experimental results show that this method can effectively solve the defects of traditional pattern matching algorithm and improve the effect of automatic data analysis.
The refined Cloud Imaging and Particle-Size (CIPS) cloud wind tracking algorithm is elaborated and the wind product is assessed against the Navy Operational Global Atmospheric Prediction System - Advanced Level Physics and High Altitude (NOGAPS-ALPHA) winds and the horizontal wind model (HWM14) climatological winds. Multiple searching frame sizes are adopted to generate the preliminary wind sets which are then merged and further edited based on the clustering of the similar wind directions (+/- 20 degrees). The mean values of the clusters within the sampling grids of 1.5 degrees x 1.5 degrees or 4.5 degrees x 4.5 degrees are taken as the final wind product. At the coincidences the CIPS and NOGAPS winds show a moderate degree of deterministic consistency. We have further shown that on the orbit-to-orbit basis when the NOGAPS modeled ice and CIPS measured ice correlate better, the wind agreement is also better. The difference in the two wind sets is most likely attributed to the NOGAPS temperature being deviated from the true temperature that will affect the geostrophic component of the winds and also to the fact that the CIPS winds are often ageostrophic and are cascaded into smaller scales. The CIPS zonal (westward) winds are decreased and then reversed in early June and late August whereas in the core of the season they are stronger. This overall variation pattern is shared by both NOGAPS and HWM14 zonal winds. Both NOGAPS and HWM14 zonal winds exhibit ~8-10 m/s difference between cases using all local times (LTs) and the CIPS LT range 13-23 h due to the dominant diurnal migrating tides, and this may partially interpret the weaker CIPS zonal winds. The meridional (equatorward) winds do not follow any established intra-seasonal variation pattern but rather the variability is susceptible to the sampling longitudes/latitudes.
ISBN: (print) 9789811310591; 9789811310584
In the era of the Cloud, a remote user connected from anywhere, anytime is provided with any form of access to the storage services. Internet of things is growing rapidly in all aspects and Cloud storage has become an essential aspect in the day to day life. Data Science and Big data analytics, and other technologies use the smart devices like personal Laptop, tablet and smartphone and enterprises are interested to store data and the transactions in Cloud data centres. However, cloud storage needs a secured transaction and authentication system. Cloud service providers need to provide high security at their storage level. Our approach combines Blowfish algorithm and pattern matching to secure the data in cloud data storage. Pattern matching algorithm is the best algorithm in terms of time complexity and space complexity. Blowfish algorithm is a 16-round Feistel algorithm, which is used to encrypt and decrypt the input files. This paper evaluates the hybrid Pat-Fish algorithm with DES, RSA, and Blowfish methods on text files. The standard evaluation parameters namely encryption time and decryption time are taken for performance comparison. This Pat-Fish approach yields less time for encryption and decryption compared to DES, RSA and Blowfish algorithms. This method is suitable for cloud storage to store the client data with security.
A signature-based intrusion detection system identifies intrusions by comparing the data traffic with known signature patterns. In this process, matching of packet strings against signature patterns is the most time-consuming step and dominates the overall system performance. Many signature-based network intrusion detection systems (NIDS), e.g., the Snort, employ one or multiple pattern matching algorithms to detect multiple attack types. So far, many pattern matching algorithms have been proposed. Most of them use single-byte standard unit for search, while a few algorithms such as the Modified Wu-Manber (MWM) algorithm use typically two-byte unit, which guarantees better performance than others even as the number of different signatures increases. Among those algorithms, the MWM algorithm has been known as the fastest pattern matching algorithm when the patterns in a rule set rarely appear in packets. However, the matching time of the MWM algorithm increases as the length of the shortest pattern in a signature group decreases. In this paper, by extending the length of the shortest pattern, we minimize the pattern matching time of the algorithm which uses multi-byte unit. We propose a new pattern matching algorithm called the L(+1)-MWM algorithm for multi-pattern matching. The proposed algorithm minimizes the performance degradation that is originated from the dependency on the length of the shortest pattern. We show that the L(+1)-MWM algorithm improves the performance of the MWM algorithm by as much as 20% in average under various lengths of shortest patterns and normal traffic conditions. Moreover, when the length of the shortest pattern in a rule set is less than 5, the L(+1)-MWM algorithm shows 38.87% enhancement in average. We also conduct experiments on a real campus network and show that 12.48% enhancement is obtained in average. In addition, it is shown that the L(+1)-MWM algorithm provides a better performance than the MWM algorithm by as much as 25% in a
With the help of advanced image acquisition and processing technology, the vision-based measurement methods have been broadly applied to implement the structural monitoring and condition identification of civil engineering structures. Many noncontact approaches enabled by different digital image processing algorithms are developed to overcome the problems in conventional structural dynamic displacement measurement. This paper presents three kinds of image processing algorithms for structural dynamic displacement measurement, i.e., the grayscale pattern matching (GPM) algorithm, the color pattern matching (CPM) algorithm, and the mean shift tracking (MST) algorithm. A vision-based system programmed with the three image processing algorithms is developed for multi-point structural dynamic displacement measurement. The dynamic displacement time histories of multiple vision points are simultaneously measured by the vision-based system and the magnetostrictive displacement sensor (MDS) during the laboratory shaking table tests of a three-story steel frame model. The comparative analysis results indicate that the developed vision-based system exhibits excellent performance in structural dynamic displacement measurement by use of the three different image processing algorithms. The field application experiments are also carried out on an arch bridge for the measurement of displacement influence lines during the loading tests to validate the effectiveness of the vision-based system.