A Bloom Filter Application of Network Processor for High-Speed Filtering Buffer-Overflow Worm |
Kim Ik-Kyun
(ETRI, Information Security Division)
Oh Jin-Tae (ETRI, Information Security Division) Jang Jong-Soo (ETRI, Information Security Division) Sohn Sung-Won (ETRI, Information Security Division) Han Ki-Jun (Kyungpook National University, Computer Engineering Department) |
1 | E. Chien, and P. Szor, 'Blended Attacks Exploits, Vulnerabilities and. Buffer-Overflow Techniques in Computer Viruses,' In Proc. of Virus. Bulletin Conf, 2002 |
2 | S. Bradner, J. McQuaid, 'Benchmarking Metho-dology for Network Interconnect Devices', IETF, RFC2544, 1999 |
3 | T. Toth and C. Krugel, Accurate buffer overflow detection via abstract payload execution. In RAID, pages 274-291; 2002 |
4 | B. Bloom. Space/time trade-offs in hash coding with allowable errors, Communication of the ACM 13(7):422-426, July 1970 DOI |
5 | R. Fanklin, D. Caraver, and B. Hutchings. Assisting network intrusion detection with reconfigurable hardware. In Proceedings from Field Programmable Custom Computing Machines, 2002 DOI |
6 | J. Gustafson. Re-evaluating Amdahl's law. Communications of the ACM, 31(5), 532--533, May 1988 DOI ScienceOn |
7 | V. Paxson, Bro: A System for Detecting Network Intruders in Real-Time, Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999 DOI ScienceOn |
8 | S. Dharmapurikar and P. Krishnamurthy and T. Sproull and J. Lockwood, Deep packet inspection using parallel Bloom filters, in Hot Interconnects, (Stanford, CA), pp. 44-51, Aug. 2003 |
9 | International Organization for Standardization Information Processing Systems. Data Communication High-Level Data Link Control Procedure. Frame Structure. ISO 3309, Oct, 1984 |
10 | Andrei Broder, Michael Mitzenmacherz, 'Network Applications of Bloom Filter : Survey', In 40th Conference on Communication, Control, and Computing, 2002 |
11 | L. Fan, P. Cao, J. Almeida, and A. Z. Broder. Summary cache: a scalable wide-area Web cache sharing protocol. IEEE/ACM Transac-tions on Networking, 8(3):281-293, 2000 DOI ScienceOn |
12 | R. Chinchani and E. van den Berg. A fast static analysis approach to detect exploit code inside network flows. In RAID 2005 |
13 | J, Coit, S. Staniford, and J.McAlemey. Towards faster string matching for intrusion detection or exceeding the speed of snort. In Proceedings of DISCEX II, June 2001 DOI |
14 | R. Sidhu and V. K. Prasanna. Fast Regular Expression Matching using FPGAs. In IEEE Symposium on Field-Programmable Custom ComputingMachines (FCCM), Rohnert Park, CA, USA, Apr. 2001 |
15 | S. C. Rhea and J. Kubiatowicz. In Proc. of INFOCOM-02, June 2002 DOI |
16 | A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer. Hash-Based IP traceback. In Proceedings of the ACM SIGCOMM 2001 Conference (SIGCOMM-01), volume 31:4 of Computer Communication Review, August 2001 DOI |
17 | M. Roesch. SNORT-lightweight intrusion detec-tion for networks. In Proceedings of the 13th Systems Administration Conference, 1999 |
18 | J. W. Lockwood, 'Evolvable Internet Hardware Platforms', Evolvable Hardware Workshop, Long Beach, CA, USA, July 12-14, 2001, pp. 271-279 DOI |
19 | O. Kolesnikov and W. Lee. Advanced poly-morphic worms : Evading IDS by blending in with normal traffic. Technical report, Georgia Tech, 2004 |