Abstract

Over the last decade, the rapid development of mobile devices and applications has produced a large volume of mobile data in which numerous cyber-attacks are hidden. NIDS/NIPS play an important role for ISPs and enterprises in monitoring this data and detecting the attacks, but they still face two challenges: high performance with very large pattern sets, and detection of the latest attacks. Performance is dominated by the Deep Packet Inspection (DPI) mechanism, which is the core of such security devices. A recently proposed TTL attack evades detection by having the adversary insert packets with a short TTL that the NIDS/NIPS inspects. To address these problems, in this paper we design a security system that handles both aspects. For efficient DPI, we present and discuss a new two-step partition of the pattern set, consisting of a first set-partition and a second set-partition. To resist TTL attacks, we set a reasonable TTL threshold and patch the TCP protocol stack to detect the attack. Compared with a recently proposed algorithm, our experiments show better performance, with throughput increased by 27% when the number of patterns is 106. Moreover, the success rate of detection is 100%, and throughput decreased as attack intensity increased.
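The TTL-threshold idea from the abstract, as an added example (not the paper's code; the paper's TCP stack patch is not shown on this page). It assumes a sensor that reassembles TCP payloads first-copy-wins; the threshold value, flow names, pattern and packet records are constructed for illustration.

```python
from collections import defaultdict

# Assumed: 3 router hops sit between sensor and protected hosts, so a segment
# seen at the sensor with TTL < 4 expires before any host receives it.
TTL_THRESHOLD = 4
PATTERNS = [b"cmd.exe"]  # constructed signature
FLOW_A = "192.0.2.5:4444>198.51.100.9:80"
FLOW_B = "192.0.2.7:5555>198.51.100.9:80"

# Constructed records: (flow, tcp_seq, ttl, payload)
SAMPLE = [
    (FLOW_A, 0, 57, b"GET /cmd"),
    (FLOW_A, 8, 2, b"XXXXXX"),   # short-TTL copy: the sensor sees it, the host never does
    (FLOW_A, 8, 57, b".exe?a"),  # the copy the host actually receives
    (FLOW_B, 0, 60, b"GET /index"),
]

def reassemble(segments, min_ttl=0):
    """First-copy-wins reassembly per flow; segments below min_ttl are set aside.
    Sequence gaps are not checked, to keep the example short."""
    streams, low_ttl = defaultdict(dict), defaultdict(list)
    for flow, seq, ttl, payload in segments:
        if ttl < min_ttl:
            low_ttl[flow].append((seq, ttl))
            continue
        streams[flow].setdefault(seq, payload)
    joined = {f: b"".join(p for _, p in sorted(s.items()))
              for f, s in streams.items()}
    return joined, dict(low_ttl)

def inspect(segments, patterns, min_ttl=0):
    """Return {flow: findings} for flows that match a pattern or carry low-TTL segments."""
    streams, low_ttl = reassemble(segments, min_ttl)
    alerts = {}
    for flow in sorted(set(streams) | set(low_ttl)):
        hits = [p for p in patterns if p in streams.get(flow, b"")]
        if hits or flow in low_ttl:
            alerts[flow] = {"patterns": hits, "low_ttl": low_ttl.get(flow, [])}
    return alerts

if __name__ == "__main__":
    print("no threshold:  ", inspect(SAMPLE, PATTERNS))
    print("with threshold:", inspect(SAMPLE, PATTERNS, TTL_THRESHOLD))
```

Without the threshold the sensor's stream differs from the host's and the signature is missed; with it, the short-TTL segment is excluded from reassembly and reported alongside the match.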

Highlights

  • More and more mobile data, both good and bad, has emerged and congested the network, which poses challenges for improving system performance and attack detection capabilities

  • To monitor mobile data in an ISP or enterprise, we design a security system to detect malicious information and attacks

  • We demonstrate the architecture of the entire system and give solutions for high performance and anti-attack

Summary

Introduction

More and more mobile data, both good and bad, has emerged and congested the network, which poses challenges for improving system performance and attack detection capabilities. Efficient pattern matching algorithms are a challenge for high performance. Previous research focused on partitioning the pattern set and mapping the subsets onto parallel processors (cores), which transforms the problem into a scheduling problem. All of these works treat patterns of the same length as a minimal subset and propose different combinational algorithms. We propose a fine-grained parallel algorithm, a new two-step partition of the pattern set.

Related Work
Efficient Security System
High Performance
Experimental Results
Conclusions