Efficient Signature Matching with Multiple Alphabet Compression Tables
|
|
- Julianna Booker
- 5 years ago
- Views:
Transcription
1 Efficient Signature Matching with Multiple Alphabet Compression Tables Shijin Kong Randy Smith Cristian Estan Presented at SecureComm, Istanbul, Turkey
2 Signature Matching Signature Matching a core component of network devices Operation (ideal): For a set of signatures, match all relevant sigs in a single pass over payload Many constraints Evolving, complex signatures Wirespeed operation Limited memory Active adversary
3 Regular Expressions and DFAs Regular expressions standard for writing sigs Buffer overflow: /^RETR\s[^\n]{}/ Format string attack: /^SITE\s+EXEC[^\n]*%[^\n]*%/ DFAs used for matching to input 3
4 DFA Operation State State State State 3 crt_state= 6 next_state= input_byte= if accept(next_state) alert
5 Matching with DFAs Advantages Fast minimal per-byte processing Composable combine many DFAs into one Disadvantages States are heavyweight ( KB each!) State-space explosion occurs when DFAs combined Memory exhausted with only a few DFAs! Workaround: many DFAs matched in parallel
6 Key: Reduce memory usage Strategy: aggressively reduce memory footprint, keep exec time low State State State State 3 Reduce size of transition tables 6 Reduce number of states 6
7 Main Contribution Multiple Alphabet Compression Tables Lightweight, applicable to hardware or software Compatible with other techniques Worst case = average case Results (in software) x to 7x memory reduction 3% - % execution time increase 7
8 Outline Introduction Alphabet Compression Tables Interacting with D FAs Experimental Results
9 Alphabet Compression: core observation State State State State 3 Some input symbols are equivalent; the transitions on those symbols at any state are identical. 6 9
10 Alphabet Compression Tables Alphabet compression table 3 State State State State 3 6 input_byte= index= crt_state= next_state=
11 Even further compression Alphabet compression table 3 State State State State 3 6
12 Even further compression Alphabet compression table 3 State State State State 3 6
13 Even further compression Alphabet compression table 3 State State State State 3 6 3
14 Multiple ACTs ACT ACT 3 3 State State State State 3 6 How do we know which ACT to use with which state?
15 Multiple ACTs ACT input_byte= crt_act= crt_state= ACT 3 3 State State State State 3 6 index= next_act= next_state=
16 Constructing Multiple ACTs Partition states appropriately for example: {S, S, S 3,, S n } { {S, S,}, {S, S 3, S 9,}, } Construct single ACT for each group of states See algorithm in paper 6
17 Partitioning States for ACTs Input: number of ACTs to use m, DFA D Output: a partition of states into m subsets Use greedy, heuristic approach: States = Set of all states in D; while (m>) { Subset = GetEquivClassPartition(States); AddToResult(Subset); States = States Subset; m--; } return Result; 7
18 How many Compression Tables? Eight ACTs is enough Avg trans per state Avg exec time
19 Outline Introduction Alphabet Compression Tables Interacting with D FAs Experimental Results 9
20 ACTs and D FAs Two kinds of redundancy a,b,c S S d e S3 a,b,c S a,b,c Symbols have identical behavior for large subsets of states Compress with (multiple) ACTs
21 ACTs and D FAs Two kinds of redundancy S a,b,c d e S S3 a,b,c e S f c h S e f h a,b,c S c Symbols have identical behavior for large subsets of states Compress with (multiple) ACTs Symbols at many states lead to common next states Compress with D FAs
22 D FAs: core observation For many pairs of states, the transitions for most characters are identical! State State State State 3 6 Idea: store only one copy Kumar et al (Sigcomm 6); Kumar et al (ANCS 6); Becchi et al (ANCS 7)
23 D FAs: core observation For many pairs of states, the transitions for most characters are identical! State State State State 3 6 Idea: store only one copy Kumar et al (Sigcomm 6); Kumar et al (ANCS 6); Becchi et al (ANCS 7) 3
24 D FAs Default transitions State State State State 3 Issue: good compression, potentially heavy runtime cost 6 input_byte= crt_state= next_state=
25 ACTs and D FAs Together Combine ACTs and D FAs to address both kinds of redundancy Procedure:. Apply D FA compression to DFAs. Apply multiple ACT compression to D FA results Only slight modification to ACT construction Add not handled here symbol Deal with default transitions
26 ACTs + D FAs Default transitions State State State State 3 6 6
27 ACTs + D FAs ACT State State State State 3 6 7
28 ACTs + D FAs ACT ACT State State State State 3 6 3
29 ACTs + D FAs index= ACT ACT State State State State index= input= crt_act= crt_state= next_act= next_state= 9
30 Outline Introduction Alphabet Compression Tables Interacting with D FAs Experimental Results 3
31 Experimental Setup HTTP, SMTP, FTP signatures Grouped by protocol and rule set (Snort or Cisco) DFA Set Splitting (Yu, 6) to cluster DFAs Provide memory bound a priori Heuristically combine into as few DFAs as possible Experiment Environment GB traces, run on 3. GHz P Exec time measured with cycle-accurate counters 3
32 Memory vs Time States DFAs States DFAs 6 States DFAs ideal 3
33 Memory vs Time Snort HTTP Cisco IPS HTTP Lowest mem, highest exec! 33
34 Memory vs Time Snort SMTP Cisco IPS SMTP Lowest mem, highest exec! 3
35 Conclusion Multiple alphabet compression tables Lightweight Applicable to hardware or software platforms Compatible with other techniques Provides better time vs. space performance x to 7x memory reduction 3% to % execution time increase Best technique a function of time, memory limits ACTs add superior design points 3
36 Efficient Signature Matching with Multiple Alphabet Compression Tables Thank you 36
37 intentionally blank 37
38 Regular Expressions and DFAs Regular expressions standard for writing sigs Buffer overflow: /^RETR\s[^\n]{}/ Format string attack: /^SITE\s+EXEC[^\n]*%[^\n]*%/ DFAs used for matching to input Header Payload C A 6 site exec % retr % \n \n S r s e t i t e r [^\n] [^\n] % S3 S \n [^\nrs] Match sig! 3
39 Memory Usage DFA ACT D FA ACT + D FA Snort HTTP Snort SMTP Snort FTP DFA ACT D FA ACT + D FA Cisco HTTP Cisco SMTP 9 3. Cisco FTP All results reported in megabytes (MB) 39
40 Memory vs Time Snort FTP Cisco IPS FTP
Improving Signature Matching using Binary Decision Diagrams
Improving Signature Matching using Binary Decision Diagrams Liu Yang, Rezwana Karim, Vinod Ganapathy Rutgers University Randy Smith Sandia National Labs Signature matching in IDS Find instances of network
More informationEfficient Signature Matching with Multiple Alphabet Compression Tables
Efficient Signature Matching with Multiple Alphabet Compression Tables Shijin Kong Randy Smith Cristian Estan Computer Sciences Department University of Wisconsin-Madison {krobin,smithr,estan}@cs.wisc.edu
More informationDesign of Deterministic Finite Automata using Pattern Matching Strategy
Design of Deterministic Finite Automata using Pattern Matching Strategy V. N. V Srinivasa Rao 1, Dr. M. S. S. Sai 2 Assistant Professor, 2 Professor, Department of Computer Science and Engineering KKR
More informationImproving NFA-based Signature Matching using Ordered Binary Decision Diagrams
Improving NFA-based Signature Matching using Ordered Binary Decision Diagrams Liu Yang, Rezwana Karim, Vinod Ganapathy, Randy Smith Rutgers University Sandia National Laboratories Abstract. Network intrusion
More informationComputer Sciences Department
Computer Sciences Department Signature Matching in Network Processing using SIMD/GPU Architectures Neelam Goyal Justin Ormont Randy Smith Karthikeyan Sankaralingam Cristian Estan Technical Report #1628
More informationConfigurable String Matching Hardware for Speeding up Intrusion Detection
Configurable String Matching Hardware for Speeding up Intrusion Detection Monther Aldwairi, Thomas Conte, Paul Franzon Dec 6, 2004 North Carolina State University {mmaldwai, conte, paulf}@ncsu.edu www.ece.ncsu.edu/erl
More informationAn Efficient Regular Expressions Compression Algorithm From A New Perspective
An Efficient Regular Expressions Compression Algorithm From A New Perspective Tingwen Liu, Yong Sun, Yifu Yang, Li Guo, Binxing Fang Institute of Computing Technology, Chinese Academy of Sciences, 119
More informationSSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification. Fang Yu, T.V. Lakshman, Martin Austin Motoyama, Randy H.
SSA: A Power and Memory Efficient Scheme to Multi-Match Packet Classification Fang Yu, T.V. Lakshman, Martin Austin Motoyama, Randy H. Katz Presented by: Discussion led by: Sailesh Kumar Packet Classification
More informationEnhancing Byte-Level Network Intrusion Detection Signatures with Context
Enhancing Byte-Level Network Intrusion Detection Signatures with Context Robin Sommer sommer@in.tum.de Technische Universität München Germany Vern Paxson vern@icir.org International Computer Science Institute
More informationAccelerating String Matching Using Multi-threaded Algorithm
Accelerating String Matching Using Multi-threaded Algorithm on GPU Cheng-Hung Lin*, Sheng-Yu Tsai**, Chen-Hsiung Liu**, Shih-Chieh Chang**, Jyuo-Min Shyu** *National Taiwan Normal University, Taiwan **National
More informationA SURVEY ON RECENT DFA COMPRESSION TECHNIQUES FOR DEEP PACKET INSPECTION IN NETWORK INTRUSION DETECTION SYSTEM
A SURVEY ON RECENT DFA COMPRESSION TECHNIQUES FOR DEEP PACKET INSPECTION IN NETWORK INTRUSION DETECTION SYSTEM 1 S.Prithi, 2 S.Sumathi 1 Department of CSE, RVS College of Engineering and Technology, Coimbatore.
More informationTOWARD ROBUST NETWORK PAYLOAD INSPECTION. Randy David Smith. A dissertation submitted in partial fulfillment of the requirements for the degree of
TOWARD ROBUST NETWORK PAYLOAD INSPECTION by Randy David Smith A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Sciences) at the UNIVERSITY
More informationHardware-accelerated regular expression matching with overlap handling on IBM PowerEN processor
Kubilay Atasu IBM Research Zurich 23 May 2013 Hardware-accelerated regular expression matching with overlap handling on IBM PowerEN processor Kubilay Atasu, Florian Doerfler, Jan van Lunteren, and Christoph
More informationProject Proposal. ECE 526 Spring Modified Data Structure of Aho-Corasick. Benfano Soewito, Ed Flanigan and John Pangrazio
Project Proposal ECE 526 Spring 2006 Modified Data Structure of Aho-Corasick Benfano Soewito, Ed Flanigan and John Pangrazio 1. Introduction The internet becomes the most important tool in this decade
More informationGregex: GPU based High Speed Regular Expression Matching Engine
11 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing Gregex: GPU based High Speed Regular Expression Matching Engine Lei Wang 1, Shuhui Chen 2, Yong Tang
More informationFast Deep Packet Inspection with a Dual Finite Automata
1 Fast Deep Packet Inspection with a Dual Finite Automata Cong Liu Jie Wu Sun Yat-sen University Temple University gzcong@gmail.com jiewu@temple.edu Abstract Deep packet inspection, in which packet payloads
More informationTriBiCa: Trie Bitmap Content Analyzer for High-Speed Network Intrusion Detection
Dept. of Electrical and Computer Eng. : Trie Bitmap Content Analyzer for High-Speed Network Intrusion Detection N. Sertac Artan and Jonathan H. Chao 8 May 27 26th Annual IEEE Conference on Computer Communications
More informationFPGA Implementation of Token-Based Clam AV Regex Virus Signatures with Early Detection
IOSR Journal of Electronics and Communication Engineering (IOSR-JECE) e-issn: 2278-2834,p- ISSN: 2278-8735 PP 54-61 www.iosrjournals.org FPGA Implementation of Token-Based Clam AV Regex Virus Signatures
More informationDesign and Performance Analysis of a DRAM-based Statistics Counter Array Architecture
Design and Performance Analysis of a DRAM-based Statistics Counter Array Architecture Chuck Zhao 1 Hao Wang 2 Bill Lin 2 Jim Xu 1 1 Georgia Institute of Technology 2 University of California, San Diego
More informationNetwork Design Considerations for Grid Computing
Network Design Considerations for Grid Computing Engineering Systems How Bandwidth, Latency, and Packet Size Impact Grid Job Performance by Erik Burrows, Engineering Systems Analyst, Principal, Broadcom
More informationCS 432 Fall Mike Lam, Professor. Finite Automata Conversions and Lexing
CS 432 Fall 2017 Mike Lam, Professor Finite Automata Conversions and Lexing Finite Automata Key result: all of the following have the same expressive power (i.e., they all describe regular languages):
More informationDeep Packet Inspection of Next Generation Network Devices
Deep Packet Inspection of Next Generation Network Devices Prof. Anat Bremler-Barr IDC Herzliya, Israel www.deepness-lab.org This work was supported by European Research Council (ERC) Starting Grant no.
More informationDeflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata
Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata Randy Smith Cristian Estan Somesh Jha Shijin Kong Computer Sciences Department, University of Wisconsin-Madison
More informationKyoung Hwan Lim and Taewhan Kim Seoul National University
Kyoung Hwan Lim and Taewhan Kim Seoul National University Table of Contents Introduction Motivational Example The Proposed Algorithm Experimental Results Conclusion In synchronous circuit design, all sequential
More information소프트웨어기반고성능침입탐지시스템설계및구현
소프트웨어기반고성능침입탐지시스템설계및구현 KyoungSoo Park Department of Electrical Engineering, KAIST M. Asim Jamshed *, Jihyung Lee*, Sangwoo Moon*, Insu Yun *, Deokjin Kim, Sungryoul Lee, Yung Yi* Department of Electrical
More informationMATE-EC2: A Middleware for Processing Data with Amazon Web Services
MATE-EC2: A Middleware for Processing Data with Amazon Web Services Tekin Bicer David Chiu* and Gagan Agrawal Department of Compute Science and Engineering Ohio State University * School of Engineering
More informationSHARDS & Talus: Online MRC estimation and optimization for very large caches
SHARDS & Talus: Online MRC estimation and optimization for very large caches Nohhyun Park CloudPhysics, Inc. Introduction Efficient MRC Construction with SHARDS FAST 15 Waldspurger at al. Talus: A simple
More informationDEEP packet inspection, in which packet payloads are
310 IEEE TRANSACTIONS ON COMPUTERS, VOL. 62, NO. 2, FEBRUARY 2013 Fast Deep Packet Inspection with a Dual Finite Automata Cong Liu and Jie Wu, Fellow, IEEE Abstract Deep packet inspection, in which packet
More informationA Framework for Rule Processing in Reconfigurable Network Systems
A Framework for Rule Processing in Reconfigurable Network Systems Michael Attig and John Lockwood Washington University in Saint Louis Applied Research Laboratory Department of Computer Science and Engineering
More informationTelematics. 5rd Tutorial - LLC vs. MAC, HDLC, Flow Control, E2E-Arguments
19540 - Telematics 5rd Tutorial - LLC vs. MAC, HDLC, Flow Control, E2E-Arguments Matthias Wa hlisch Department of Mathematics and Computer Science Institute of Computer Science 19. November, 2009 Institute
More informationVulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques
Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques Yu Cai, Saugata Ghose, Yixin Luo, Ken Mai, Onur Mutlu, Erich F. Haratsch February 6, 2017
More informationLEoNIDS: a Low-latency and Energyefficient Intrusion Detection System
LEoNIDS: a Low-latency and Energyefficient Intrusion Detection System Nikos Tsikoudis Thesis Supervisor: Evangelos Markatos June 2013 Heraklion, Greece Low-Power Design Low-power systems receive significant
More informationProject Proposal. ECE 526 Spring Modified Data Structure of Aho-Corasick. Benfano Soewito, Ed Flanigan and John Pangrazio
Project Proposal ECE 526 Spring 2006 Modified Data Structure of Aho-Corasick Benfano Soewito, Ed Flanigan and John Pangrazio 1. Introduction The internet becomes the most important tool in this decade
More informationSupporting Service Differentiation for Real-Time and Best-Effort Traffic in Stateless Wireless Ad-Hoc Networks (SWAN)
Supporting Service Differentiation for Real-Time and Best-Effort Traffic in Stateless Wireless Ad-Hoc Networks (SWAN) G. S. Ahn, A. T. Campbell, A. Veres, and L. H. Sun IEEE Trans. On Mobile Computing
More informationActivity-Based Congestion Management for Fair Bandwidth Sharing in Trusted Packet Networks
Communication Networks Activity-Based Congestion Management for Fair Bandwidth Sharing in Trusted Packet Networks Michael Menth and Nikolas Zeitler http://kn.inf.uni-tuebingen.de Outline The problem Definition
More informationJacobsSNMP. Siarhei Kuryla. May 10, Networks and Distributed Systems seminar
JacobsSNMP Siarhei Kuryla Networks and Distributed Systems seminar May 10, 2010 Simple Network Management Protocol protocol for exchange of management information; exposes management data in the form of
More informationPLB-HeC: A Profile-based Load-Balancing Algorithm for Heterogeneous CPU-GPU Clusters
PLB-HeC: A Profile-based Load-Balancing Algorithm for Heterogeneous CPU-GPU Clusters IEEE CLUSTER 2015 Chicago, IL, USA Luis Sant Ana 1, Daniel Cordeiro 2, Raphael Camargo 1 1 Federal University of ABC,
More informationSpace-Time Tradeoffs in Software-Based Deep Packet Inspection
Space-Time Tradeoffs in Software-ased eep Packet Inspection nat remler-arr I Herzliya, Israel Yotam Harchol avid Hay Hebrew University, Israel. OWSP Israel 2011 (Was also presented in I HPSR 2011) Parts
More informationW is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation
W is a Firewall firewall = wall to protect against fire propagation Internet Security: Firewall More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationSmartMD: A High Performance Deduplication Engine with Mixed Pages
SmartMD: A High Performance Deduplication Engine with Mixed Pages Fan Guo 1, Yongkun Li 1, Yinlong Xu 1, Song Jiang 2, John C. S. Lui 3 1 University of Science and Technology of China 2 University of Texas,
More informationReliably Scalable Name Prefix Lookup! Haowei Yuan and Patrick Crowley! Washington University in St. Louis!! ANCS 2015! 5/8/2015!
Reliably Scalable Name Prefix Lookup! Haowei Yuan and Patrick Crowley! Washington University in St. Louis!! ANCS 2015! 5/8/2015! ! My Topic for Today! Goal: a reliable longest name prefix lookup performance
More informationMulti-Byte Regular Expression Matching with Speculation
Multi-Byte Regular Expression Matching with Speculation Daniel Luchaup 1 Randy Smith 1 Cristian Estan 2 Somesh Jha 1 1 University of Wisconsin-Madison, {luchaup,smithr,jha}@cs.wisc.edu 2 NetLogic Microsystems,
More informationDecision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA
Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA Weirong Jiang, Viktor K. Prasanna University of Southern California Norio Yamagaki NEC Corporation September 1, 2010 Outline
More informationInvestigating Transparent Web Proxies in Cellular Networks
Investigating Transparent Web Proxies in Cellular Networks Xing Xu, Yurong Jiang, Tobias Flach, Ethan Katz-Bassett, David Choffnes, Ramesh Govindan USC & Northeastern University March 20, 2015 Introduction
More informationPolygraph: Automatically Generating Signatures for Polymorphic Worms
Polygraph: Automatically Generating Signatures for Polymorphic Worms James Newsome Brad Karp Dawn Song Presented by: Jeffrey Kirby Overview Motivation Polygraph Signature Generation Algorithm Evaluation
More informationCS 268: Route Lookup and Packet Classification
Overview CS 268: Route Lookup and Packet Classification Packet Lookup Packet Classification Ion Stoica March 3, 24 istoica@cs.berkeley.edu 2 Lookup Problem Identify the output interface to forward an incoming
More informationJaal: Towards Network Intrusion Detection at ISP Scale
Jaal: Towards Network Intrusion Detection at ISP Scale A. Aqil, K. Khalil, A. Atya, E. Paplexakis, S. Krishnamurthy, KK. Ramakrishnan University of California Riverside T. Jaeger Penn State University
More informationInternet Security: Firewall
Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationFootprint-based Locality Analysis
Footprint-based Locality Analysis Xiaoya Xiang, Bin Bao, Chen Ding University of Rochester 2011-11-10 Memory Performance On modern computer system, memory performance depends on the active data usage.
More informationLECTURE 12. Virtual Memory
LECTURE 12 Virtual Memory VIRTUAL MEMORY Just as a cache can provide fast, easy access to recently-used code and data, main memory acts as a cache for magnetic disk. The mechanism by which this is accomplished
More informationAutomated Traffic Classification and Application Identification using Machine Learning. Sebastian Zander, Thuy Nguyen, Grenville Armitage
Automated Traffic Classification and Application Identification using Machine Learning Sebastian Zander, Thuy Nguyen, Grenville Armitage {szander,tnguyen,garmitage}@swin.edu.au Centre for Advanced Internet
More information1 o Semestre 2007/2008
Efficient Departamento de Engenharia Informática Instituto Superior Técnico 1 o Semestre 2007/2008 Outline 1 2 3 4 5 6 7 Outline 1 2 3 4 5 6 7 Text es An index is a mechanism to locate a given term in
More informationA Novel Approach to Detect and Prevent Known and Unknown Attacks in Local Area Network
International Journal of Wireless Communications, Networking and Mobile Computing 2016; 3(4): 43-47 http://www.aascit.org/journal/wcnmc ISSN: 2381-1137 (Print); ISSN: 2381-1145 (Online) A Novel Approach
More informationA Clustering Approach to the Bounded Diameter Minimum Spanning Tree Problem Using Ants. Outline. Tyler Derr. Thesis Adviser: Dr. Thang N.
A Clustering Approach to the Bounded Diameter Minimum Spanning Tree Problem Using Ants Tyler Derr Thesis Adviser: Dr. Thang N. Bui Department of Math & Computer Science Penn State Harrisburg Spring 2015
More informationA Hybrid Approach for Accurate Application Traffic Identification
A Hybrid Approach for Accurate Application Traffic Identification Thesis Defence December 21, 2005 Young J. Won yjwon@postech.ac.kr Distributed Processing & Network Management Lab. Dept. of Computer Science
More informationTrack Join. Distributed Joins with Minimal Network Traffic. Orestis Polychroniou! Rajkumar Sen! Kenneth A. Ross
Track Join Distributed Joins with Minimal Network Traffic Orestis Polychroniou Rajkumar Sen Kenneth A. Ross Local Joins Algorithms Hash Join Sort Merge Join Index Join Nested Loop Join Spilling to disk
More informationFeature Subset Selection using Clusters & Informed Search. Team 3
Feature Subset Selection using Clusters & Informed Search Team 3 THE PROBLEM [This text box to be deleted before presentation Here I will be discussing exactly what the prob Is (classification based on
More informationLab 4: Network Packet Capture and Analysis using Wireshark
Lab 4: Network Packet Capture and Analysis using Wireshark 4.1 Details Aim: To provide a foundation in network packet capture and analysis. You may be faced with network traffic analysis, from traffic
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 12
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 12 Announcements Project 2 is on the web. Due: March 15th Send groups to Jeff Vaughan (vaughan2@seas) by Thurs. Feb. 22nd. Plan for
More informationConfiguring Dashboards
CHAPTER 2 This chapter describes dashboards, and how to add and delete them. It contains the following topics: Understanding Dashboards, page 2-1 Adding and Deleting Dashboards, page 2-1 Understanding
More informationNOWADAYS, pattern matching is required in an increasing
IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 19, NO. 3, JUNE 2011 683 Differential Encoding of DFAs for Fast Regular Expression Matching Domenico Ficara, Member, IEEE, Andrea Di Pietro, Student Member, IEEE,
More informationCSCI 237 Sample Final Exam
Problem 1. (12 points): Multiple choice. Write the correct answer for each question in the following table: 1. What kind of process can be reaped? (a) Exited (b) Running (c) Stopped (d) Both (a) and (c)
More informationSWM: Simplified Wu-Manber for GPU-based Deep Packet Inspection
SWM: Simplified Wu-Manber for GPU-based Deep Packet Inspection Lucas Vespa Department of Computer Science University of Illinois at Springfield lvesp@uis.edu Ning Weng Department of Electrical and Computer
More informationLab Determining Data Storage Capacity
Lab 1.3.2 Determining Data Storage Capacity Objectives Determine the amount of RAM (in MB) installed in a PC. Determine the size of the hard disk drive (in GB) installed in a PC. Determine the used and
More informationAvailable Commands CHAPTER
CHAPTER 2 This chapter contains the Cisco IPS 6.2 commands listed in alphabetical order. It contains the following sections:. anomaly-detection load, page 2-4 anomaly-detection save, page 2-5 banner login,
More informationManaging SonicWall Gateway Anti Virus Service
Managing SonicWall Gateway Anti Virus Service SonicWall Gateway Anti-Virus (GAV) delivers real-time virus protection directly on the SonicWall security appliance by using SonicWall s IPS-Deep Packet Inspection
More informationChapter 8 Memory Management
Chapter 8 Memory Management Da-Wei Chang CSIE.NCKU Source: Abraham Silberschatz, Peter B. Galvin, and Greg Gagne, "Operating System Concepts", 9th Edition, Wiley. 1 Outline Background Swapping Contiguous
More informationCS399 New Beginnings. Jonathan Walpole
CS399 New Beginnings Jonathan Walpole Memory Management Memory Management Memory a linear array of bytes - Holds O.S. and programs (processes) - Each cell (byte) is named by a unique memory address Recall,
More informationExperiences with the Sparse Matrix-Vector Multiplication on a Many-core Processor
Experiences with the Sparse Matrix-Vector Multiplication on a Many-core Processor Juan C. Pichel Centro de Investigación en Tecnoloxías da Información (CITIUS) Universidade de Santiago de Compostela, Spain
More informationLecture: Large Caches, Virtual Memory. Topics: cache innovations (Sections 2.4, B.4, B.5)
Lecture: Large Caches, Virtual Memory Topics: cache innovations (Sections 2.4, B.4, B.5) 1 Techniques to Reduce Cache Misses Victim caches Better replacement policies pseudo-lru, NRU Prefetching, cache
More informationDeveloping MapReduce Programs
Cloud Computing Developing MapReduce Programs Dell Zhang Birkbeck, University of London 2017/18 MapReduce Algorithm Design MapReduce: Recap Programmers must specify two functions: map (k, v) * Takes
More informationKNOM Tutorial Internet Traffic Matrix Measurement and Analysis. Sue Bok Moon Dept. of Computer Science
KNOM Tutorial 2003 Internet Traffic Matrix Measurement and Analysis Sue Bok Moon Dept. of Computer Science Overview Definition of Traffic Matrix 4Traffic demand, delay, loss Applications of Traffic Matrix
More informationToward Fast Regex Pattern Matching using Simple Patterns
Toward Fast Regex Pattern Matching using Simple Patterns Mohammad Hashem Haghighat Department of Automation Tsinghua University Beijing, China l-a16@mails.tsinghua.edu.cn Jun Li Research Institute of Information
More informationThreshold-Based Markov Prefetchers
Threshold-Based Markov Prefetchers Carlos Marchani Tamer Mohamed Lerzan Celikkanat George AbiNader Rice University, Department of Electrical and Computer Engineering ELEC 525, Spring 26 Abstract In this
More informationSpeculative Synchronization: Applying Thread Level Speculation to Parallel Applications. University of Illinois
Speculative Synchronization: Applying Thread Level Speculation to Parallel Applications José éf. Martínez * and Josep Torrellas University of Illinois ASPLOS 2002 * Now at Cornell University Overview Allow
More informationHandling very large XML documents in an editing application
Handling very large XML documents in an editing application Presenter: Radu Coravu radu_coravu@oxygenxml.com @radu_coravu Bytes and characters The byte is a unit of digital information that most commonly
More informationPower of Slicing in Internet Flow Measurement. Ramana Rao Kompella Cristian Estan
Power of Slicing in Internet Flow Measurement Ramana Rao Kompella Cristian Estan 1 IP Network Management Network Operator What is happening in my network? How much traffic flows towards a given destination?
More informationLecture: Large Caches, Virtual Memory. Topics: cache innovations (Sections 2.4, B.4, B.5)
Lecture: Large Caches, Virtual Memory Topics: cache innovations (Sections 2.4, B.4, B.5) 1 More Cache Basics caches are split as instruction and data; L2 and L3 are unified The /L2 hierarchy can be inclusive,
More informationIntrusion Detection. October 19, 2018
Intrusion Detection October 19, 2018 Administrative submittal instructions answer the lab assignment s questions in written report form, as a text, pdf, or Word document file (no obscure formats please)
More informationApplication Detection
The following topics describe Firepower System application detection : Overview:, on page 1 Custom Application Detectors, on page 6 Viewing or Downloading Detector Details, on page 14 Sorting the Detector
More informationNetwork Security Platform 8.1
8.1.7.5-8.1.3.43 M-series Release Notes Network Security Platform 8.1 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product documentation
More informationSimply Top Talkers Jeroen Massar, Andreas Kind and Marc Ph. Stoecklin
IBM Research - Zurich Simply Top Talkers Jeroen Massar, Andreas Kind and Marc Ph. Stoecklin 2009 IBM Corporation Motivation and Outline Need to understand and correctly handle dominant aspects within the
More informationMemory Management. Dr. Yingwu Zhu
Memory Management Dr. Yingwu Zhu Big picture Main memory is a resource A process/thread is being executing, the instructions & data must be in memory Assumption: Main memory is super big to hold a program
More informationdrmt: Disaggregated Programmable Switching
drmt: Disaggregated Programmable Switching Sharad Chole, Andrew Fingerhut, Sha Ma (Cisco); Anirudh Sivaraman (MIT); Shay Vargaftik, Alon Berger, Gal Mendelson (Technion); Mohammad Alizadeh (MIT); Shang-
More informationChronix: Long Term Storage and Retrieval Technology for Anomaly Detection in Operational Data
Chronix: Long Term Storage and Retrieval Technology for Anomaly Detection in Operational Data FAST 2017, Santa Clara Florian Lautenschlager, Michael Philippsen, Andreas Kumlehn, and Josef Adersberger Florian.Lautenschlager@qaware.de
More informationSE Memory Consumption
Page 1 of 5 view online Overview Calculating the utilization of memory within a Service Engine (SE) is useful to estimate the number of concurrent connections or the amount of memory that may be allocated
More informationHIGH-PERFORMANCE NETWORK SECURITY USING NETWORK INTRUSION DETECTION SYSTEM APPROACH
Vol. 6 Special Issue 1 December 2017 ISSN: 2320-4168 HIGH-PERFORMANCE NETWORK SECURITY USING NETWORK INTRUSION DETECTION SYSTEM APPROACH M.Sathiya Assistant Professor, Department of Computer Science &
More informationApplied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.
Applied IT Security System Security Dr. Stephan Spitz Stephan.Spitz@de.gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System
More informationMcAfee Network Security Platform
Revision B McAfee Network Security Platform (8.1.7.5-8.1.3.43 M-series Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product
More informationAppendix B. Standards-Track TCP Evaluation
215 Appendix B Standards-Track TCP Evaluation In this appendix, I present the results of a study of standards-track TCP error recovery and queue management mechanisms. I consider standards-track TCP error
More informationS. Narravula, P. Balaji, K. Vaidyanathan, H.-W. Jin and D. K. Panda. The Ohio State University
Architecture for Caching Responses with Multiple Dynamic Dependencies in Multi-Tier Data- Centers over InfiniBand S. Narravula, P. Balaji, K. Vaidyanathan, H.-W. Jin and D. K. Panda The Ohio State University
More informationUMSSIA INTRUSION DETECTION
UMSSIA INTRUSION DETECTION INTRUSION DETECTION Sensor1 Event1, Event2 Monitor No intrusion M SensorN Event1, Event2 Alarm! IDS CHARACTERISTICS Characteristics an IDS can be classified/evaluated by: Type
More informationLossless Compression Algorithms
Multimedia Data Compression Part I Chapter 7 Lossless Compression Algorithms 1 Chapter 7 Lossless Compression Algorithms 1. Introduction 2. Basics of Information Theory 3. Lossless Compression Algorithms
More informationprecise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)
Protocols precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level) all packets shipped from network to network as IP packets
More informationNovember Exam. University of Cape Town ~ Department of Computer Science Computer Science 3003S ~ 2009
University of Cape Town ~ Department of Computer Science Computer Science 3003S ~ 2009 November Exam Marks : 100 Time : 180 minutes Instructions: a) Answer ALL questions in Sections A and C. b) Answer
More informationCS 61C: Great Ideas in Computer Architecture (Machine Structures) Caches Part 2
CS 61C: Great Ideas in Computer Architecture (Machine Structures) Caches Part 2 Instructors: Bernhard Boser & Randy H Katz http://insteecsberkeleyedu/~cs61c/ 10/18/16 Fall 2016 - Lecture #15 1 Outline
More informationNetwork Security Platform 8.1
8.1.3.6-8.1.3.5 M-series Release Notes Network Security Platform 8.1 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product documentation
More informationSecurity: Worms. Presenter: AJ Fink Nov. 4, 2004
Security: Worms Presenter: AJ Fink Nov. 4, 2004 1 It s a War Out There 2 Analogy between Biological and Computational Mechanisms The spread of self-replicating program within computer systems is just like
More informationPRACTICE QUESTIONS FOR FINAL EXAMINATION Spring 2005
PRACTICE QUESTIONS FOR 15.561 FINAL EXAMINATION Spring 2005 CLARIFICATION: This is not a practice final but a collection of questions similar to those likely to be on the final. COMPUTER FUNDAMENTALS PRACTICE
More information12 Cache-Organization 1
12 Cache-Organization 1 Caches Memory, 64M, 500 cycles L1 cache 64K, 1 cycles 1-5% misses L2 cache 4M, 10 cycles 10-20% misses L3 cache 16M, 20 cycles Memory, 256MB, 500 cycles 2 Improving Miss Penalty
More information