Title :
Processing of multi-pattern signature in intrusion detection system with content processor
Author :
Kim, Young-Ho ; Jung, Bo-Heung ; Lim, Jae-Deok ; Kim, Ki-Young
Author_Institution :
Electron. & Telecommun. Res. Inst., Daejeon
Abstract :
Content processor refers to the hardware accelerator for pattern matching which is essential for network security appliances such as intrusion detection system. With the deployment of high-speed network, its use has been increased to detect malicious attacks in the packet stream in real time. In this paper we introduce an efficient algorithm for content processor to perform multi-pattern signature matching. The proposed algorithm uses software bitmap for each multi-pattern signature without hardware changes, which maximizes flexibility of content processor. From the analysis of Snort which is the widely used intrusion detection system, we observe spatial locality between distances of patterns in the multi-pattern signature. The algorithm makes use of this distance information for adaptive performance optimization. Our techniques show that content processor can be used for multi-pattern processing in intrusion detection systems without hardware modification with reasonable performance.
Keywords :
computer networks; digital signatures; microprocessor chips; pattern matching; telecommunication security; adaptive performance optimization; content processor; hardware accelerator; intrusion detection system; multipattern signature matching; network security; software bitmap; Electron accelerators; Hardware; High-speed networks; Home appliances; Intrusion detection; Optimization; Pattern analysis; Pattern matching; Software algorithms; Telecommunication traffic; content processor; intrusion detection system; multi-pattern; snort;
Conference_Titel :
Information, Communications & Signal Processing, 2007 6th International Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4244-0982-2
Electronic_ISBN :
978-1-4244-0983-9
DOI :
10.1109/ICICS.2007.4449753
