Multi-Packet Signature Detection Using Prefix Bloom Filters
It is now a fact that manual defenses against worm epidemics are not practical. Recently, various automatic worm identification methods are proposed to be deployed at high-speed network nodes to respond in time to fast infection rates of worms. Unfortunately, these methods can easily be evaded by fragmentation of the worm packets. The straightforward defragmentation method is not applicable for these high-speed nodes, due to its high storage (memory) requirement. In this paper, this problem, namely the multi-packet signature detection problem is addressed using a defragmentation-free, space-efficient solution.