<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">tuzsut</journal-id><journal-title-group><journal-title xml:lang="ru">Труды учебных заведений связи</journal-title><trans-title-group xml:lang="en"><trans-title>Proceedings of Telecommunication Universities</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1813-324X</issn><issn pub-type="epub">2712-8830</issn><publisher><publisher-name>СПбГУТ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.31854/1813-324X-2025-11-4-107-117</article-id><article-id custom-type="edn" pub-id-type="custom">OOUQEF</article-id><article-id custom-type="elpub" pub-id-type="custom">tuzsut-702</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGIES AND TELECOMMUNICATION</subject></subj-group></article-categories><title-group><article-title>Математическая модель сигнатурного анализа сетевого трафика и экспериментальная оценка эффективности ее функционирования</article-title><trans-title-group xml:lang="en"><trans-title>Signature Analysis Mathematical Model of Network Traffic and Experimental Evaluation of Its Functioning Efficiency</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-3104-0622</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Браницкий</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Branitskiy</surname><given-names>A. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>кандидат технических наук, доцент, доцент кафедры защищенных систем связи Санкт-Петербургского государственного университета телекоммуникаций им. проф. М.А. Бонч-Бруевича</p></bio><email xlink:type="simple">branickii1.aa@sut.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0001-5629-6715</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Браницкая</surname><given-names>Н. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Branitskaya</surname><given-names>N. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>заместитель начальника отдела международного образовательного сотрудничества Санкт-Петербургского государственного университета</p></bio><email xlink:type="simple">nataliya_petrova@mail.ru</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Санкт-Петербургский государственный университет телекоммуникаций им. проф. М.А. Бонч-Бруевича</institution><country>Россия</country></aff><aff xml:lang="en"><institution>The Bonch-Bruevich Saint Petersburg State University of Telecommunications</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Санкт-Петербургский государственный университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>The Saint Petersburg State University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>01</day><month>09</month><year>2025</year></pub-date><volume>11</volume><issue>4</issue><fpage>107</fpage><lpage>117</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Браницкий А.А., Браницкая Н.А., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Браницкий А.А., Браницкая Н.А.</copyright-holder><copyright-holder xml:lang="en">Branitskiy A.A., Branitskaya N.A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tuzs.sut.ru/jour/article/view/702">https://tuzs.sut.ru/jour/article/view/702</self-uri><abstract><sec><title>Актуальность</title><p>Актуальность. В современных системах обнаружения атак алгоритмы сигнатурного анализа являются ключевыми составляющими в процессе исследования сетевого трафика. Их широкая распространенность при реализации правил обнаружения атак обусловлена не только простотой их настройки и быстротой поиска, но также и возможностью обнаружения атак с нулевым уровнем ложных срабатываний. Это достигается за счет задания таких наборов специальных правил (сигнатурных правил), которые однозначно идентифицируют конкретный тип атаки. Разработка и оптимизация моделей и алгоритмов построения таких правил является актуальной задачей, поскольку ее решение позволяет увеличить уровень защищенности сетевых ресурсов от атак.</p><p>Цель исследования заключается в повышении эффективности функционирования систем обнаружения атак, построенных на основе сигнатурного анализа. </p></sec><sec><title>Используемые методы</title><p>Используемые методы. Исследование базируется на применении положений из теорий множеств и поиска информации, а также приемов параллельного и сетевого программирования. Предмет исследования – модели и алгоритмы сигнатурного поиска атак в сетевом трафике, объект – сигнатурные системы обнаружения атак.</p></sec><sec><title>Новизна</title><p>Новизна. В статье представлена математическая модель сигнатурного анализа сетевого трафика, которая отличается от известных аналогов универсальностью представления сигнатурных правил и поддержкой многоуровневой обработки как отдельных пакетов, так и сетевых потоков данных; выполнена оценка эффективности программной реализации данной модели. Универсальность представления сигнатурных правил достигается за счет возможности их расширения новыми правилами независимо от их внутренней реализации и без необходимости перестроения исходной модели. Многоуровневая обработка пакетов и сетевых потоков данных сигнатурными правилами обеспечивается за счет разработанных и встроенных в модель алгоритмов IP-дефрагментации и TCP-реассемблирования.</p></sec><sec><title>Практическая значимость</title><p>Практическая значимость. Результат проведенного эксперимента показывает, что разработанный анализатор сетевого трафика демонстрирует производительность, в 1,5 раза превосходящую в терминах оперативности и ресурсопотребления другие системы обнаружения атак с открытым исходным кодом. Тем самым разработанная модель может быть использована при построении эффективной системы обнаружения атак.</p></sec></abstract><trans-abstract xml:lang="en"><sec><title>Relevance</title><p>Relevance. In modern attack detection systems (ADSs), signature analysis algorithms are key components in the process of analyzing network traffic. Their widespread use in implementation of attack detection rules is due not only to the ease of their configuration and search speed, but also to the ability to detect attacks with zero false positives. This is achieved by specifying such sets of special rules (signature rules) that uniquely identify a specific type of attack. The development and optimization of models and algorithms for constructing such rules is an urgent task, since its solution allows increasing the level of protection of network resources from attacks.</p><p>The purpose of the research is to improve the operating efficiency of ADSs built on the basis of signature analysis. Methods used. The research is based on the application of provisions from the theories of sets and information retrieval, as well as parallel and network programming techniques. The subject is models and algorithms for signature search of attacks in network traffic, the object is signature ADSs.</p></sec><sec><title>Novelty</title><p>Novelty. The paper presents a mathematical model of signature analysis of network traffic, which differs from known analogs in the universality of the representation of signature rules and support for multi-level processing of both individual packets and network data flows; an assessment of the effectiveness of the software implementation of this model is performed. The universality of the representation of signature rules is achieved due to the possibility of their expansion with new rules regardless of their internal implementation and without the need to reconstruct the original model. Multi-level processing of packets and network data flows by signature rules is ensured by the IP defragmentation and TCP reassembly algorithms developed and integrated into the model.</p></sec><sec><title>Practical significance</title><p>Practical significance. The result of the experiment shows that the developed network traffic analyzer demonstrates performance that is 1,5 times superior in terms of promptness and resource consumption to other open source ADSs. Thus, the developed model can be used in constructing an effective ADS. </p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>сигнатурный анализ</kwd><kwd>сигнатурные правила</kwd><kwd>сетевой трафик</kwd><kwd>сетевые пакеты</kwd><kwd>сетевые атаки</kwd><kwd>системы обнаружения атак</kwd><kwd>компьютерные сети</kwd><kwd>конечные автоматы</kwd><kwd>сети Петри</kwd><kwd>поиск подстрок</kwd><kwd>регулярные выражения</kwd></kwd-group><kwd-group xml:lang="en"><kwd>signature analysis</kwd><kwd>signature rules</kwd><kwd>network traffic</kwd><kwd>network packets</kwd><kwd>network attacks</kwd><kwd>attack detection systems</kwd><kwd>computer networks</kwd><kwd>finite state machines</kwd><kwd>Petri nets</kwd><kwd>substring search</kwd><kwd>regular expressions</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Kumar S., Spafford E.H. A Pattern Matching Model for Misuse Intrusion Detection // Proceedings of the 17th National Computer Security Conference (NIST, Baltimore, USA, 11–14 October 1994). 1994. Vol. 1. PP. 11–21.</mixed-citation><mixed-citation xml:lang="en">Kumar S., Spafford E.H. A Pattern Matching Model for Misuse Intrusion Detection. Proceedings of the 17th National Computer Security Conference, NIST, 11–14 October 1994, Baltimore, USA, vol.1. 1994. p.11–21.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Браницкий А.А. Программные способы повышения эффективности функционирования сетевых сигнатурных систем обнаружения атак // VII Международная научно-техническая и научно-методическая конференция «Актуальные проблемы инфотелекоммуникаций в науке и образовании» (АПИНО, Санкт-Петербург, Российская Федерация, 28 февраля – 01 марта 2018 г.). СПб.: СПбГУТ, 2018. Т. 1. С. 118–123. EDN:XSUFGX</mixed-citation><mixed-citation xml:lang="en">Branitskiy A. Software Ways for Enhancing the Effectiveness of the Network-Based Signature Attack Detection Systems. Proceedings of the VIIth International Conference on Infotelecommunications in Science and Education, 28 February – 1 March 2018, St. Petersburg, Russian Federation, vol.1. St. Petersburg: Saint-Petersburg State University of Telecommunications Publ.; 2018. p.118–123. (in Russ.) EDN:XSUFGX</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Gowrison G., Ramar K., Muneeswaran K., Revathi T. Efficient context-free grammar intrusion detection system // International Journal of Innovative Computing Information and Control. 2011. Vol. 7. Iss. 8. PP. 4779–4788.</mixed-citation><mixed-citation xml:lang="en">Gowrison G., Ramar K., Muneeswaran K., Revathi T. Efficient context-free grammar intrusion detection system. International Journal of Innovative Computing Information and Control. 2011;7(8):4779–4788.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Kazachkin D.S., Gamayunov D.Y. Network traffic analysis optimization for signature-based intrusion detection systems // Proceedings of the Spring/Summer Young Researchers’ Colloquium on Software Engineering. 2008. Iss. 2. DOI:10.15514/SYRCOSE-2008-2-5</mixed-citation><mixed-citation xml:lang="en">Kazachkin D. S., Gamayunov D. Y. Network traffic analysis optimization for signature-based intrusion detection systems. Proceedings of the Spring/Summer Young Researchers’ Colloquium on Software Engineering. 2008;2. DOI:10.15514/SYRCOSE-2008-2-5</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Kruegel C., Toth T. Using Decision Trees to Improve Signature-Based Intrusion Detection // Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003, Pittsburgh, USA, 8–10 September 2003). Lecture Notes in Computer Science. Berlin, Heidelberg: Springer, 2003. Vol. 2820. PP. 173–191. DOI:10.1007/978-3-540-45248-5_10</mixed-citation><mixed-citation xml:lang="en">Kruegel C., Toth T. Using Decision Trees to Improve Signature-Based Intrusion Detection. Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection, RAID 2003, 8–10 September 2003, Pittsburgh, USA. Lecture Notes in Computer Science, vol.2820. Berlin, Heidelberg: Springer; 2003. p.173–191. DOI:10.1007/978-3-540-45248-5_10</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Ilgun K., Kemmerer R.A., Porras P.A. State transition analysis: A rule-based intrusion detection approach // IEEE Transactions on Software Engineering. 1995. Vol. 21. Iss. 3. PP. 181–199. DOI:10.1109/32.372146</mixed-citation><mixed-citation xml:lang="en">Ilgun K., Kemmerer R. A., Porras P. A. State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering. 1995;21(3):181–199. DOI:10.1109/32.372146</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Kumar S., Spafford E.H. A Software Architecture to Support Misuse Intrusion Detection // Proceedings of the 18th National Information Security Conference (NIST, Baltimore, USA, 10–13 October 1995). 1995. Vol. 1. PP. 194–204.</mixed-citation><mixed-citation xml:lang="en">Kumar S., Spafford E.H. A Software Architecture to Support Misuse Intrusion Detection. Proceedings of the 18th National Information Security Conference, NIST, 10–13 October 1995, Baltimore, USA, vol.1. 1995. p.194–204.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Zhang X., Wu T., Zheng Q., Zhai L., Hu H., Yin W., et al. Multi-Step Attack Detection Based on Pre-Trained Hidden Markov Models // Sensors. 2022. Vol. 22. Iss. 8. P. 2874. DOI:10.3390/s22082874</mixed-citation><mixed-citation xml:lang="en">Zhang X., Wu T., Zheng Q., Zhai L., Hu H., Yin W., et al. Multi-Step Attack Detection Based on Pre-Trained Hidden Markov Models. Sensors. 2022;22(8):2874. DOI:10.3390/s22082874</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Lunt T.F., Tamaru A., Gillham F. A Real-Time Intrusion Detection Expert System (IDES). Final Technical Report for SRI Project 6784. 1992.</mixed-citation><mixed-citation xml:lang="en">Lunt T.F., Tamaru A., Gillham F. A Real-Time Intrusion Detection Expert System (IDES). Final Technical Report for SRI Project 6784. 1992.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Lindqvist U., Porras P.A. eXpert-BSM: A host-based intrusion detection solution for Sun Solaris // Seventeenth Annual Computer Security Applications Conference (New Orleans, USA, 10–14 December 2001). IEEE, 2001. PP. 240–251. DOI:10.1109/ACSAC.2001.991540</mixed-citation><mixed-citation xml:lang="en">Lindqvist U., Porras P.A. eXpert-BSM: A host-based intrusion detection solution for Sun Solaris. Seventeenth Annual Computer Security Applications Conference, 10–14 December 2001, New Orleans, USA. IEEE; 2001. p.240–251. DOI:10.1109/ACSAC.2001.991540</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Lindqvist U., Porras P.A. Detecting computer and network misuse through the production-based expert system toolset (P-BEST) // Proceedings of the 1999 IEEE Symposium on Security and Privacy (Oakland, USA, 14–14 May 1999). IEEE, 1999. PP. 146–161. DOI:10.1109/SECPRI.1999.766911</mixed-citation><mixed-citation xml:lang="en">Lindqvist U., Porras P.A. Detecting computer and network misuse through the production-based expert system toolset (P-BEST). Proceedings of the 1999 IEEE Symposium on Security and Privacy, 14–14 May 1999, Oakland, USA. IEEE; 1999. p.146–161. DOI:10.1109/SECPRI.1999.766911</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Kim H.J., Choi J. Recommendations for Responding to System Security Incidents Using Knowledge Graph Embedding // Electronics. 2023. Vol. 13. Iss. 1. P. 171. DOI:10.3390/electronics13010171</mixed-citation><mixed-citation xml:lang="en">Kim H.J., Choi J. Recommendations for Responding to System Security Incidents Using Knowledge Graph Embedding. Electronics. 2023;13(1):171. DOI:10.3390/electronics13010171</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Wang Y., Jere S., Banerjee S., Liu L., Shetty S., Dayekh S. Anonymous Jamming Detection in 5G with Bayesian Network Model Based Inference Analysis // Proceedings of the 23rd International Conference on High Performance Switching and Routing (HPSR, Taicang, China, 06–08 June 2022). IEEE, 2022. PP. 151–156. DOI:10.1109/HPSR54439.2022.9831286</mixed-citation><mixed-citation xml:lang="en">Wang Y., Jere S., Banerjee S., Liu L., Shetty S., Dayekh S. Anonymous Jamming Detection in 5G with Bayesian Network Model Based Inference Analysis. Proceedings of the 23rd International Conference on High Performance Switching and Routing, HPSR, 06–08 June 2022, Taicang, China. IEEE; 2022. p.151–156. DOI:10.1109/HPSR54439.2022.9831286</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Almseidin M., Al-Sawwa J., Alkasassbeh M., Alweshah M. On detecting distributed denial of service attacks using fuzzy inference system // Cluster Computing. 2023. Vol. 26. Iss. 2. PP. 1337–1351. DOI:10.1007/s10586-022-03657-5</mixed-citation><mixed-citation xml:lang="en">Almseidin M., Al-Sawwa J., Alkasassbeh M., Alweshah M. On detecting distributed denial of service attacks using fuzzy inference system. Cluster Computing. 2023;26(2):1337–1351. DOI:10.1007/s10586-022-03657-5</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Braden R., Borman D., Partridge C. RFC 1071: Computing the Internet Checksum. 1988. URL: https://dl.acm.org/doi/pdf/10.17487/RFC1071 (Accessed 22.08.2025)</mixed-citation><mixed-citation xml:lang="en">Braden R., Borman D., Partridge C. RFC 1071: Computing the Internet Checksum. 1988. URL: https://dl.acm.org/doi/pdf/10.17487/RFC1071 [Accessed 22.08.2025]</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Fall K.R., Stevens W.R. TCP/IP illustrated. Addison-Wesley Professional, 2012. Vol. 1. 1008 p.</mixed-citation><mixed-citation xml:lang="en">Fall K.R., Stevens W.R. TCP/IP illustrated, vol.1. Addison-Wesley Professional, 2012. 1008 p.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Laraba A., François J., Chrisment I., Chowdhury S.R., Boutaba R. Detecting Multi-Step Attacks: A Modular Approach for Programmable Data Plane // NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium (Budapest, Hungary, 25–29 April 2022). IEEE Press, 2022. PP. 1–9. DOI:10.1109/NOMS54207.2022.978993</mixed-citation><mixed-citation xml:lang="en">Laraba A., François J., Chrisment I., Chowdhury S.R., Boutaba R. Detecting Multi-Step Attacks: A Modular Approach for Programmable Data Plane. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, 25–29 April 2022, Budapest, Hungary. IEEE Press; 2022. p.1–9. DOI:10.1109/NOMS54207.2022.978993.</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Madhloom J.K., Noori Z.H., Ebis S.K., Hassen O.A., Darwish S.M. An Information Security Engineering Framework for Modeling Packet Filtering Firewall Using Neutrosophic Petri Nets // Computers. 2023. Vol. 12. Iss. 10. P. 202. DOI:10.3390/comput-ers12100202</mixed-citation><mixed-citation xml:lang="en">Madhloom J.K., Noori Z.H., Ebis S.K., Hassen O.A., Darwish S.M. An Information Security Engineering Framework for Modeling Packet Filtering Firewall Using Neutrosophic Petri Nets. Computers. 2023;12(10):202. DOI:10.3390/computers12100202</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Браницкий А.А. Алгоритмы параллельного поиска шаблонных подстрок при реализации сигнатурных правил СОА // Региональная информатика и информационная безопасность: сборник трудов конференции (Санкт-Петербург, Российская Федерация, 01–03 ноября 2017 г.). СПб.: Санкт-Петербургское Общество информатики, вычислительной техники, систем связи и управления, 2017. Т. 4. C. 210–212. EDN:XTONUL</mixed-citation><mixed-citation xml:lang="en">Branitskiy A.A. Algorithms for parallel search of template substrings in the implementation of signature rules of ADSs. Regional Informatics and Information Security: Conference Proceedings, 1–3 November 2017, St. Petersburg, Russian Federation, vol.4. St. Petersburg: Saint-Petersburg Society for Informatics, Computer Engineering, Communications and Control Systems Publ.; 2017. p.210–212. EDN:XTONUL</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Thota K.K., Raj R.J.R. Efficient Regular Expression Matching and Hardware-Accelerated Finite Automata Pattern Recognition in NIDS // Proceedings of the 6th International Conference on Recent Trends in Advance Computing (ICRTAC, Chennai, India, 14–15 December 2023). IEEE, 2023. PP. 349–353. DOI:10.1109/ICRTAC59277.2023.10480760</mixed-citation><mixed-citation xml:lang="en">Thota K.K., Raj R.J.R. Efficient Regular Expression Matching and Hardware-Accelerated Finite Automata Pattern Recognition in NIDS. Proceedings of the 6th International Conference on Recent Trends in Advance Computing, 14–15 December 2023, ICRTAC, Chennai, India. IEEE; 2023. p.349–353. DOI:10.1109/ICRTAC59277.2023.10480760</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Браницкий А.А. Обнаружение аномальных сетевых соединений на основе гибридизации методов вычислительного интеллекта. Дис. … канд. тех. наук. СПб.: Санкт-Петербургский Федеральный исследовательский центр РАН, 2018. 305 с. EDN:OQGUHC</mixed-citation><mixed-citation xml:lang="en">Branitskiy A.A. Detection of Anomalous Network Connections Based on Hybridization of Computational Intelligence Methods. Ph.D. Dissertation. St. Petersburg: St. Petersburg Federal Research Center of the Russian Academy of Sciences Publ.; 2018. 305 p. (in Russ.) EDN:OQGUHC</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Febrita R.E., Hakim L., Utomo A.P. The Implementation of Machine Learning for Optimizing Network-Based Intrusion Detection in the Snort Application // Proceedings of the 6th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI, Batam, Indonesia, 11–12 December 2023). 2023. PP. 141–147. DOI:10.1109/ISRITI60336.2023.10467566</mixed-citation><mixed-citation xml:lang="en">Febrita R.E., Hakim L., Utomo A.P. The Implementation of Machine Learning for Optimizing Network-Based Intrusion Detection in the Snort Application. Proceedings of the 6th International Seminar on Research of Information Technology and Intelligent Systems, ISRITI, 11–12 December 2023, Batam, Indonesia. 2023. p.141–147. DOI:10.1109/ISRITI60336.2023.10467566</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">Makanju A., LaRoche P., Zincir-Heywood A.N. A Comparison Between Signature and Machine Learning Based Detectors. URL: https://citeseerx.ist.psu.edu/document?repid=rep1&amp;type=pdf&amp;doi=16e92def7fca8e41894e875f2eb9d4118a4d09df (Accessed 22.08.2025)</mixed-citation><mixed-citation xml:lang="en">Makanju A., LaRoche P., Zincir-Heywood A.N. A Comparison Between Signature and Machine Learning Based Detectors. URL: https://citeseerx.ist.psu.edu/document?repid=rep1&amp;type=pdf&amp;doi=16e92def7fca8e41894e875f2eb9d4118a4d09df (Accessed 22.08.2025)</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
