Title :
Deterministic memory-efficient string matching algorithms for intrusion detection
Author :
Tuck, Nathan ; Sherwood, Timothy ; Calder, Brian ; Varghese, George
Author_Institution :
Dept. of Comput. Sci. & Eng., California Univ., San Diego, CA, USA
Abstract :
Intrusion detection systems (IDSs) have become widely recognized as powerful tools for identifying, deterring and deflecting malicious attacks over the network. Essential to almost every intrusion detection system is the ability to search through packets and identify content that matches known attacks. Space and time efficient string matching algorithms are therefore important for identifying these packets at line rate. We examine string matching algorithms and their use for intrusion detection, in particular, we focus our efforts on providing worst-case performance that is amenable to hardware implementation. We contribute modifications to the Aho-Corasick string-matching algorithm that drastically reduce the amount of memory required and improve its performance on hardware implementations. We also show that these modifications do not drastically affect software performance on commodity processors, and therefore may be worth considering in these cases as well.
Keywords :
Internet; performance evaluation; security of data; string matching; Aho-Corasick string-matching algorithm; Internet; deterministic memory-efficient string matching algorithm; intrusion detection system; worst-case performance; Computer crime; Computer science; Hardware; Internet; Intrusion detection; Power engineering and energy; Protection; Software performance; Telecommunication traffic; Web server;
Conference_Titel :
INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE Computer and Communications Societies
Print_ISBN :
0-7803-8355-9
DOI :
10.1109/INFCOM.2004.1354682
