A Fast Pattern-Matching Algorithm for Network Intrusion Detection System
نویسندگان
چکیده
We present a multi-gigabit rate multiple pattern-matching algorithm with TCAM that enables protecting against malicious attacks in a high-speed network. The proposed algorithm significantly reduces the number of TCAM lookups per payload with m-byte jumping window scheme. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload in order to inspect the content. Furthermore, multi-packet inspection is achieved easily by the extended state transition diagram with the shifting distance. With experimental results, we have clearly justified the proposed algorithm works well for a multi-gigabit network intrusion detection system.
منابع مشابه
Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unit
Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...
متن کاملA Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of weak classifiers to implement misuse intrusion detection system. It can identify new classes types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
متن کاملAldwairi, Monther Mustafa. Hardware Efficient Pattern Matching Algorithms and Architectures for Fast Intrusion Detection. (under the Direction of Dr. Paul Franzon). Table of Contents
ALDWAIRI, MONTHER MUSTAFA. Hardware Efficient Pattern Matching Algorithms and Architectures for Fast Intrusion Detection. (Under the direction of Dr. Paul Franzon). Intrusion detection processors are becoming a predominant feature in the field of network hardware. As demand on more network speed increases and new network protocols emerge, network intrusion detection systems are increasing in im...
متن کاملAC-BM-GA Pattern Matching Algorithm Approach for Intrusion Detection
In network security, Intrusion Detection System plays a reasonable supplementary role for the firewall. It improves the security and reliability of the computer and helps protect computers from network attacks. At present intrusion detection system analysis module uses the pattern matching technology. In this article, through analyzing the advantages and disadvantages of the main pattern matchi...
متن کاملPiranha: A Fast Lookup Pattern Matching Algorithm for Intrusion Detection
Network Intrusion Detection Systems (nIDS) are nowadays an increasingly important defensive mechanism against numerous attacks taking place on the Internet. As network speed is increasing faster than processor speed, intrusion detection at link speed becomes increasingly more challenging. The most expensive part of a nIDS is pattern matching: finding patterns of attack inside packet payload. Th...
متن کامل