{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T06:46:06Z","timestamp":1725518766982},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540874027"},{"type":"electronic","value":"9783540874034"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_9","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T11:42:05Z","timestamp":1221651725000},"page":"155-174","source":"Crossref","is-referenced-by-count":9,"title":["High-Speed Matching of Vulnerability Signatures"],"prefix":"10.1007","author":[{"given":"Nabil","family":"Schear","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David R.","family":"Albrecht","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nikita","family":"Borisov","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"9_CR1","doi-asserted-by":"crossref","unstructured":"Pang, R., Paxson, V., Sommer, R., Peterson, L.: binpac: A yacc for Writing Application Protocol Parsers. In: Proceedings of the Internet Measurement Conference (2006)","DOI":"10.1145\/1177080.1177119"},{"key":"9_CR2","doi-asserted-by":"crossref","unstructured":"Wang, H.J., Guo, C., Simon, D.R., Zugenmaier, A.: Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. In: ACM SIGCOMM Computer Communications Review (2004)","DOI":"10.1145\/1015467.1015489"},{"key":"9_CR3","unstructured":"CERT: \u201cCode Red\u201d Worm Exploiting Buffer Overflow in IIS Indexing Service DLL. CERT Advisory CA-2001-19 (July 2001), www.cert.org\/advisories\/CA-2001-19.html"},{"key":"9_CR4","unstructured":"Friedl, S.: Analysis of the New \u201cCode Red II\u201d Variant (August 2001), http:\/\/www.unixwiz.net\/techtips\/CodeRedII.html"},{"key":"9_CR5","unstructured":"Microsoft: Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server. Microsoft Security Bulletin MS01-033 (June 2001), www.microsoft.com\/technet\/security\/bulletin\/ms01-023.mspx"},{"key":"9_CR6","unstructured":"Rescorla, E.: Security Holes... Who Cares?. In: Paxson, V. (ed.) USENIX Security Symposium (August 2003)"},{"key":"9_CR7","unstructured":"Borisov, N., Brumley, D.J., Wang, H.J., Dunagan, J., Joshi, P., Guo, C.: A Generic Application-Level Protocol Parser Analyzer and its Language. In: Proceedings of the 14th Annual Network and Distributed System Security Symposium (2007)"},{"issue":"23-24","key":"9_CR8","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V. Paxson","year":"1999","unstructured":"Paxson, V.: Bro: A System for Detecting Network Intruders in Real-time. Comput. Netw.\u00a031(23-24), 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Brumley, D., Newsome, J., Song, D., Wang, H., Jha, S.: Towards Automatic Generation of Vulnerability-Based Signatures. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.41"},{"key":"9_CR10","unstructured":"CVE: Common Vulnerabilities and Exposures, http:\/\/cve.mitre.org\/"},{"issue":"6","key":"9_CR11","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1145\/360825.360855","volume":"18","author":"A.V. Aho","year":"1975","unstructured":"Aho, A.V., Corasick, M.J.: Efficient String Matching: an Aid to Bibliographic Search. Commun. ACM\u00a018(6), 333\u2013340 (1975)","journal-title":"Commun. ACM"},{"key":"9_CR12","unstructured":"Wu, S., Manber, U.: A Fast Algorithm for Multi-Pattern Searching. Technical Report TR-94-17, Department of Computer Science, University of Arizona (1994)"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Clark, C., Lee, W., Schimmel, D., Contis, D., Kon\u00e9, M., Thomas, A.: A Hardware Platform for Network Intrusion Detection and Prevention. In: Proceedings of the Third Workshop on Network Processors and Applications (2004)","DOI":"10.1016\/B978-012088476-6\/50007-1"},{"key":"9_CR14","doi-asserted-by":"crossref","unstructured":"Brodie, B.C., Taylor, D.E., Cytron, R.K.: A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching. In: ISCA, pp. 191\u2013202 (2006)","DOI":"10.1109\/ISCA.2006.7"},{"key":"9_CR15","unstructured":"Dreger, H., Feldmann, A., Mai, M., Paxson, V., Sommer, R.: Dynamic Application-layer Protocol Analysis for Network Intrusion Detection. In: USENIX-SS 2006: Proceedings of the 15th conference on USENIX Security Symposium, Berkeley, CA, USA, p. 18. USENIX Association (2006)"},{"key":"9_CR16","volume-title":"Higher Order Perl: Transforming Programs with Programs","author":"M.J. Dominus","year":"2005","unstructured":"Dominus, M.J.: Higher Order Perl: Transforming Programs with Programs. Morgan Kaufmann, San Francisco (2005)"},{"key":"9_CR17","unstructured":"Sourcefire, Inc.: Snort, www.snort.org"},{"issue":"7","key":"9_CR18","doi-asserted-by":"publisher","first-page":"697","DOI":"10.1002\/spe.590","volume":"34","author":"B.W. Watson","year":"2004","unstructured":"Watson, B.W., Cleophas, L.: SPARE Parts: a C++ Toolkit for String Pattern Recognition. Softw. Pract. Exper.\u00a034(7), 697\u2013710 (2004)","journal-title":"Softw. Pract. Exper."},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Cui, W., Peinado, M., Wang, H.J., Locasto, M.E.: ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing. In: Pfitzmann, B., McDaniel, P. (eds.) IEEE Symposium on Security and Privacy, May 2007, pp. 252\u2013266 (2007)","DOI":"10.1109\/SP.2007.34"},{"key":"9_CR20","unstructured":"NISCC: Vulnerability Advisory 589088\/NISCC\/DNS (May 2005), http:\/\/www.cpni.gov.uk\/docs\/re-20050524-00432.pdf"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Clark, C.R., Schimmel, D.E.: Scalable Pattern Matching for High-Speed Networks. In: IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM), Napa, California, pp. 249\u2013257 (2004)","DOI":"10.1109\/FCCM.2004.50"},{"key":"9_CR22","unstructured":"Intel: Intel Network Processors, www.intel.com\/design\/network\/products\/npfamily\/index.htm"},{"issue":"4","key":"9_CR23","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1145\/1282427.1282391","volume":"37","author":"J.S. Turner","year":"2007","unstructured":"Turner, J.S., Crowley, P., DeHart, J., Freestone, A., Heller, B., Kuhns, F., Kumar, S., Lockwood, J., Lu, J., Wilson, M., Wiseman, C., Zar, D.: Supercharging PlanetLab: A High Performance, Multi-application, Overlay Network Platform. SIGCOMM Computing Communications Review\u00a037(4), 85\u201396 (2007)","journal-title":"SIGCOMM Computing Communications Review"},{"key":"9_CR24","first-page":"213","volume-title":"ACM Conference on Computer and Communications Security","author":"Z. Liang","year":"2005","unstructured":"Liang, Z., Sekar, R.: Fast and Automated Generation of Attack Signatures: A Basis for Building Self-protecting Servers. In: Meadows, C. (ed.) ACM Conference on Computer and Communications Security, November 2005, pp. 213\u2013222. ACM, New York (2005)"},{"key":"9_CR25","doi-asserted-by":"crossref","unstructured":"Brumley, D., Wang, H., Jha, S., Song, D.: Creating Vulnerability Signatures Using Weakest Pre-conditions. In: Proceedings of the 2007 Computer Security Foundations Symposium, Venice, Italy (July 2007)","DOI":"10.1109\/CSF.2007.17"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"Slowinska, A., Bos, H.: The Age of Data: Pinpointing Guilty Bytes in Polymorphic Buffer Overflows on Heap or Stack. In: Samarati, P., Payne, C. (eds.) Annual Computer Security Applications Conference (December 2007)","DOI":"10.1109\/ACSAC.2007.32"},{"issue":"10","key":"9_CR27","doi-asserted-by":"publisher","first-page":"762","DOI":"10.1145\/359842.359859","volume":"20","author":"R.S. Boyer","year":"1977","unstructured":"Boyer, R.S., Moore, J.S.: A Fast String Searching Algorithm. Commun. ACM\u00a020(10), 762\u2013772 (1977)","journal-title":"Commun. ACM"},{"key":"9_CR28","unstructured":"Flex: The Fast Lexical Analyzer, http:\/\/www.gnu.org\/software\/flex"},{"key":"9_CR29","unstructured":"PCRE: Perl Compatible Regular Expression Library, http:\/\/www.pcre.org"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Smith, R., Estan, C., Jha, S.: XFA: Faster Signature Matching with Extended Automata. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy (2008)","DOI":"10.1109\/SP.2008.14"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Rubin, S., Jha, S., Miller, B.P.: Protomatching Network Traffic for High Throughput Network Intrusion Detection. In: Proceedings of the 13th ACM conference on Computer and communications security (2006)","DOI":"10.1145\/1180405.1180413"},{"key":"9_CR32","unstructured":"Li, Z., Xia, G., Tang, Y., He, Y., Chen, Y., Liu, B., West, J., Spadaro, J.: NetShield: Matching with a Large Vulnerability Signature Ruleset for High Performance Network Defense (manuscript) (2008)"},{"key":"9_CR33","unstructured":"Ptacek, T.H., Newsham, T.N.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Technical report, Secure Networks, Inc., Suite 330, 1201 5th Street S.W, Calgary, Alberta, Canada, T2R-0Y6 (1998)"},{"key":"9_CR34","unstructured":"Roesch, M.: Snort\u2014Lightweight Intrusion Detection for Networks. In: Parter, D. (ed.) Proceedings of the 1999 USENIX LISA Systems Administration Conference, Berkeley, CA, USA, November 1999, pp. 229\u2013238. USENIX Association (1999)"},{"key":"9_CR35","doi-asserted-by":"crossref","unstructured":"de Bruijn, W., Slowinska, A., van Reeuwijk, K., Hruby, T., Xu, L., Bos, H.: SafeCard: A Gigabit IPS on the Network Card. In: Proceedings of the 9th International Symposium On Recent Advances in Intrusion Detection (2006)","DOI":"10.1007\/11856214_16"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_9.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:37:30Z","timestamp":1606185450000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}