Extension of Aho-Corasick Algorithm to Detect Injection Attacks

  • Conference paper
Advances in Computer and Information Sciences and Engineering

Abstract

In this paper we propose an extension to the Aho-Corasick algorithm to detect injection of characters introduced by a malicious attacker. We show how this is achieved without significantly increasing the size of the finite-state pattern matching machine of the Aho-Corasick algorithm. Moreover, the machine detects a match only if the number of stuffed characters is within a specified limit, so that the number of false positives remains low. A comparison of the CPU time consumption of the Aho-Corasick algorithm and the proposed algorithm is provided. It was found that the proposed algorithm can outperform the Aho-Corasick algorithm while ignoring the stuffed characters and detecting a valid match.
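The matching behaviour the abstract describes, as an added example that is not the paper's own machine (its construction is not shown on this page): a keyword trie is walked with a per-match budget of stuffed characters, and a keyword is reported only when the budget is not exceeded. The function names, the `max_stuffed` parameter and the sample input are assumptions made for this illustration.

```python
def build_trie(patterns):
    """Keyword trie as parallel lists: children[node] -> {char: node}, output[node] -> pattern."""
    children, output = [{}], [None]
    for pat in patterns:
        node = 0
        for ch in pat:
            if ch not in children[node]:
                children.append({})
                output.append(None)
                children[node][ch] = len(children) - 1
            node = children[node][ch]
        output[node] = pat
    return children, output


def find_stuffed(text, patterns, max_stuffed):
    """Return sorted (end_index, pattern, stuffed) for every pattern that occurs in
    text with at most max_stuffed extra characters inserted between its characters."""
    children, output = build_trie(patterns)
    active = {}  # trie node -> fewest stuffed characters used to reach it
    hits = {}    # (end_index, pattern) -> fewest stuffed characters
    for i, ch in enumerate(text):
        nxt = {}
        # Every position may also start a fresh match at the root (node 0).
        for node, used in list(active.items()) + [(0, 0)]:
            child = children[node].get(ch)
            if child is not None:  # ch continues the keyword
                nxt[child] = min(nxt.get(child, used), used)
                if output[child]:
                    key = (i, output[child])
                    hits[key] = min(hits.get(key, used), used)
            # Or ch is treated as stuffed: stay put and spend one unit of budget.
            if node and children[node] and used < max_stuffed:
                nxt[node] = min(nxt.get(node, used + 1), used + 1)
        active = nxt
    return sorted((end, pat, used) for (end, pat), used in hits.items())


# Constructed sample input: two keywords with '*' stuffed into them.
SIGNATURES = ["union", "select"]
SAMPLE = "un*ion se**lect"

if __name__ == "__main__":
    for limit in (0, 1, 2):
        print(limit, find_stuffed(SAMPLE, SIGNATURES, limit))
```

Because only the lowest stuffed count is kept per trie node, the set of live partial matches never grows beyond the number of trie nodes, whatever the limit is.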

Copyright information

© 2008 Springer Science+Business Media B.V.

About this paper

Cite this paper

Rejeb, J., Srinivasan, M. (2008). Extension of Aho-Corasick Algorithm to Detect Injection Attacks. In: Sobh, T. (eds) Advances in Computer and Information Sciences and Engineering. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-8741-7_37

  • DOI: https://doi.org/10.1007/978-1-4020-8741-7_37

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-8740-0

  • Online ISBN: 978-1-4020-8741-7

  • eBook Packages: Computer Science (R0)
