Piranha: Fast and Memory-Efficient Pattern Matching for Intrusion Detection
نویسندگان
چکیده
Network Intrusion Detection Systems (NIDS) provide an important security function to help defend against network attacks. As network speeds and detection workloads increase, it is important for NIDSes to be highly efficient. Most NIDSes need to check for thousands of known attack patterns in every packet, making pattern matching the most expensive part of signature-based NIDSes in terms of processing and
منابع مشابه
Piranha: A Fast Lookup Pattern Matching Algorithm for Intrusion Detection
Network Intrusion Detection Systems (nIDS) are nowadays an increasingly important defensive mechanism against numerous attacks taking place on the Internet. As network speed is increasing faster than processor speed, intrusion detection at link speed becomes increasingly more challenging. The most expensive part of a nIDS is pattern matching: finding patterns of attack inside packet payload. Th...
متن کاملRecursive Shift Indexing: A Fast Multi-Pattern String Matching Algorithm
String matching algorithms are essential for network devices that filter packets and flows based on their payload. Applications like intrusion detection/prevention, web filtering, anti-virus, and anti-spam all raise the demand for efficient algorithms dealing with string matching. This paper presents a novel multi-pattern string matching algorithm which reduces character comparisons based on re...
متن کاملAldwairi, Monther Mustafa. Hardware Efficient Pattern Matching Algorithms and Architectures for Fast Intrusion Detection. (under the Direction of Dr. Paul Franzon). Table of Contents
ALDWAIRI, MONTHER MUSTAFA. Hardware Efficient Pattern Matching Algorithms and Architectures for Fast Intrusion Detection. (Under the direction of Dr. Paul Franzon). Intrusion detection processors are becoming a predominant feature in the field of network hardware. As demand on more network speed increases and new network protocols emerge, network intrusion detection systems are increasing in im...
متن کاملNetwork intrusion prevention on the network card
CardGuard is a signature detection system for intrusion prevention that scans the entire payload of packets for suspicious patterns and is implemented in software on a network card. The hardware that is used on the card consists of an Intel IXP and various memories. One card can be used to protect either a single host, or a small group of machines connected to a switch. CardGuard is non-intrusi...
متن کاملDesign and Implementation of a Low Complex Pattern Matching Algorithm for Memory Based Computations
Network intrusion detection system is used to inspect packet contents against thousands of predefined malicious or suspicious patterns. Because traditional software alone pattern matching approaches can no longer meet the high throughput of today’s networking, many hardware approaches are proposed to accelerate pattern matching. Among hardware approaches, memory-based architecture has attracted...
متن کامل