Function and Data Parallelization of Wu-Manber Pattern Matching for Intrusion Detection Systems

Safeguarding networks from malicious activities and intrusions continues to be one of the most important aspects of network security. Intrusion Detection Systems (IDSs) play a fundamental role in network protection. Unfortunately, the speeds of existing IDSs are unable to keep up with the rapid increases in network speeds and attack complexities. Parallel computing on multi-core systems can help mitigate this performance gap. In this paper, novel and effective parallel implementations of the Wu-Manber (WM) algorithm for signature-based detection systems are proposed, implemented, and evaluated. The proposed function-parallel and data-parallel algorithms prove to be effective in terms of execution time reduction and load balancing, thus providing swift intrusion detection at increased network bandwidths. The algorithms achieve an optimal load balance and an average speedup of 2x for four cores.
