DocumentCode :
408273
Title :
A fast pattern-match engine for network processor-based network intrusion detection system
Author :
Liu, Rong-Tai ; Huang, Nen-Fu ; Kao, Chia-Nan ; Chen, Chih-Hao ; Chou, Chi-Chieh
Author_Institution :
Dept. of Comput. Sci., National Tsing Hua Univ., Hsinchu, Taiwan
Volume :
1
fYear :
2004
fDate :
5-7 April 2004
Firstpage :
97
Abstract :
Network intrusion detection systems (NIDS) are one of the latest developments in security. The matching of packet strings against collected signatures dominates signature-based NIDS performance. This work presents FNP2, an efficient pattern-matching engine designed for the Network Processor platform, which matches sets of patterns in parallel. This work shows that combining our string matching methodology, the hashing engine supported by most network processors, and the characteristics of current Snort signatures frequently improves performance and reduces the number of memory accesses compared to current NIDS pattern matching algorithms. Another contribution is to highlight that, besides the total number of search patterns, the shortest pattern length is also a major influence on NIDS multi-pattern matching algorithm performance.
Keywords :
computer networks; cryptography; message authentication; storage management; string matching; telecommunication security; FNP2 pattern-matching engine; NIDS multipattern matching algorithm performance; Snort signatures; hashing engine; memory accesses; network processor-based network intrusion detection system; network security; packet string matching; parallel pattern matching; pattern-match engine; searching patterns; shortest pattern length; signature collection; signature-based NIDS; Automation; Communication system security; Computer science; Computer security; Delay; Engines; Hardware; Intrusion detection; National security; Pattern matching;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on
Print_ISBN :
0-7695-2108-8
Type :
conf
DOI :
10.1109/ITCC.2004.1286432
Filename :
1286432