Partial Signature Matching in an MPTCP World using Insert-only Levenshtein Distance
(English) Manuscript (preprint) (Other academic)
This paper proposes a methodology consisting of a constrained version of the Levenshtein distance that can be used to detect signatures from partial traffic. The proposed algorithm is formally presented, implemented, and tested using the latest available version of the Snort ruleset. The results show that the algorithm can successfully detect all partial signatures with nearly 90% accuracy.
Identifiers: URN: urn:nbn:se:kau:diva-48173; OAI: oai:DiVA.org:kau-48173; DiVA: diva2:1082818