Pattern matching acceleration for network intrusion detection systems
- Authors
- Kim, S.
- Issue Date
- 2005
- Publisher
- Springer Verlag
- Citation
- Lecture Notes in Computer Science, v.3553, pp.289 - 298
- Journal Title
- Lecture Notes in Computer Science
- Volume
- 3553
- Start Page
- 289
- End Page
- 298
- URI
- https://scholarworks.bwise.kr/hongik/handle/2020.sw.hongik/25651
- DOI
- 10.1007/11512622_31
- ISSN
- 0302-9743
- Abstract
- Pattern matching is one of critical parts of Network Intrusion Detection Systems (NIDS). Pattern matching is computationally intensive. To handle an increasing number of attack signature patterns, a NIDS require a multi-pattern matching method that can meet the line-speed of packet transfer. The multi-pattern matching method should efficiently handle a large number of patterns with a wide range of pattern lengths and noncase-sensitive pattern matches. It should also be able to process multiple input characters in parallel. In this paper, we propose a multi-pattern matching hardware accelerator based on Shift-OR pattern matching algorithm. We evaluate the performance of the pattern matching accelerator under various assumptions. The performance evaluation shows that the pattern matching accelerator can be more than 80 times faster than the fastest software multi-pattern matching method used in Snort, a widely used open-source NIDS. © Springer-Verlag Berlin Heidelberg 2005.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - College of Engineering > Computer Engineering > Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.