DocumentCode :
1355434
Title :
A memory-efficient parallel string matching for intrusion detection systems
Author :
HyunJin Kim ; Hyejeong Hong ; Hong-Sik Kim ; Sungho Kang
Author_Institution :
Dept. of Electr. & Electron. Eng., Yonsei Univ., Seoul, South Korea
Volume :
13
Issue :
12
fYear :
2009
fDate :
12/1/2009 12:00:00 AM
Firstpage :
1004
Lastpage :
1006
Abstract :
As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.
Keywords :
Gray codes; finite state machines; security of data; string matching; Aho-Corasick algorithm; Snort rules; binary-reflected gray code; bit-split string matching; hazardous packet payload contents; homogeneous finite-state machine; intrusion detection systems; memory-efficient parallel string matching; Automata; Condition monitoring; Intrusion detection; Pattern matching; Payloads; Real time systems; Reflective binary codes; Scalability; Computer network security; finite state machines; site security monitoring; string matching;
fLanguage :
English
Journal_Title :
Communications Letters, IEEE
Publisher :
ieee
ISSN :
1089-7798
Type :
jour
DOI :
10.1109/LCOMM.2009.12.082230
Filename :
5353291
Link To Document :
بازگشت