Piranha: A Fast Lookup Pattern Matching Algorithm for Intrusion Detection
نویسندگان
چکیده
Network Intrusion Detection Systems (nIDS) are nowadays an increasingly important defensive mechanism against numerous attacks taking place on the Internet. As network speed is increasing faster than processor speed, intrusion detection at link speed becomes increasingly more challenging. The most expensive part of a nIDS is pattern matching: finding patterns of attack inside packet payload. This paper presents Piranha, a fast algorithm for pattern matching oriented to intrusion detection domain. It is based on the observation that if the rarest substring of a pattern does not appear, then the whole pattern will definitely not match. Our results, based on traces that represent various network environments, indicate that Piranha can enhance the performance of a nIDS by 11% to 28% in terms of processing time and by 18% to 73% in terms of memory consumption comparing to existing state-of-the-art algorithms.
منابع مشابه
Piranha: Fast and Memory-Efficient Pattern Matching for Intrusion Detection
Network Intrusion Detection Systems (NIDS) provide an important security function to help defend against network attacks. As network speeds and detection workloads increase, it is important for NIDSes to be highly efficient. Most NIDSes need to check for thousands of known attack patterns in every packet, making pattern matching the most expensive part of signature-based NIDSes in terms of proc...
متن کاملImprovement and parallelization of Snort network intrusion detection mechanism using graphics processing unit
Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...
متن کاملA Fast and Scalable Multi-Pattern Matching Algorithm for Intrusion Detection Systems
In order to protect networks from attacks, network intrusion detection systems (NIDS) have been widely deployed. These devices scan incoming packets to detect malicious content according to the predefined patterns. It is time consuming for NIDS to inspect each packet to check if it contains any patterns. In this paper, we propose a scalable and high-performance pattern matching algorithm. The k...
متن کاملAldwairi, Monther Mustafa. Hardware Efficient Pattern Matching Algorithms and Architectures for Fast Intrusion Detection. (under the Direction of Dr. Paul Franzon). Table of Contents
ALDWAIRI, MONTHER MUSTAFA. Hardware Efficient Pattern Matching Algorithms and Architectures for Fast Intrusion Detection. (Under the direction of Dr. Paul Franzon). Intrusion detection processors are becoming a predominant feature in the field of network hardware. As demand on more network speed increases and new network protocols emerge, network intrusion detection systems are increasing in im...
متن کاملA Fast Pattern-Matching Algorithm for Network Intrusion Detection System
We present a multi-gigabit rate multiple pattern-matching algorithm with TCAM that enables protecting against malicious attacks in a high-speed network. The proposed algorithm significantly reduces the number of TCAM lookups per payload with m-byte jumping window scheme. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload in order ...
متن کامل