Title :
A memory-efficient parallel string matching for intrusion detection systems
Author :
HyunJin Kim ; Hyejeong Hong ; Hong-Sik Kim ; Sungho Kang
Author_Institution :
Dept. of Electr. & Electron. Eng., Yonsei Univ., Seoul, South Korea
fDate :
12/1/2009 12:00:00 AM
Abstract :
As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.
Keywords :
Gray codes; finite state machines; security of data; string matching; Aho-Corasick algorithm; Snort rules; binary-reflected gray code; bit-split string matching; hazardous packet payload contents; homogeneous finite-state machine; intrusion detection systems; memory-efficient parallel string matching; Automata; Condition monitoring; Intrusion detection; Pattern matching; Payloads; Real time systems; Reflective binary codes; Scalability; Computer network security; finite state machines; site security monitoring; string matching;
Journal_Title :
Communications Letters, IEEE
DOI :
10.1109/LCOMM.2009.12.082230