论文信息 - Fast Pattern Matching Approach for Intrusion Detection Systems

Fast Pattern Matching Approach for Intrusion Detection Systems

Intrusion detection system (IDS) consists of set of techniques and methods for collection of packets from host system or network and analyzes those packets for anomalous content. IDSs mainly fall into two categories: signature-based IDSs and anomaly detection systems. A rule-based IDS compares the incoming packets against rule set in order to detect intrusion. A common approach followed is to build rule trees or finite automata with rule set and traverse it using a packet as input string. 30–60 % of total signature-based IDS processing time is spent on pattern matching [1]. The existing signature-based IDS cannot meet the speed demands imposed by both high network speeds and increasing number of signatures, and more CPU time is spent on searching for rules that match each packet. In this paper, we are going to present an analysis on IDS that is combined with other methods and techniques to produce greater results and hence contribute to the improvement of IDS.

K. G. Srinivasa | M. Manjunath | Anil Kumar Muppalla | K. Srinivasa | M. Manjunath

[1] Alfred V. Aho,et al. Efficient string matching , 1975, Commun. ACM.

[2] Jignesh M. Patel,et al. SigMatch: Fast and Scalable Multi-Pattern Matching , 2010, Proc. VLDB Endow..

[3] Donald E. Knuth,et al. Fast Pattern Matching in Strings , 1977, SIAM J. Comput..

[4] Beate Commentz-Walter,et al. A String Matching Algorithm Fast on the Average , 1979, ICALP.

[5] Evangelos P. Markatos,et al. : A DOMAIN-SPECIFIC STRING MATCHING ALGORITHM FOR INTRUSION DETECTION , 2003 .

[6] Burton H. Bloom,et al. Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[7] Monther Aldwairi,et al. Exscind: Fast pattern matching for intrusion detection using exclusion and inclusion filters , 2011, 2011 7th International Conference on Next Generation Web Services Practices.

[8] Haoyu Song,et al. Fast hash table lookup using extended bloom filter: an aid to network processing , 2005, SIGCOMM '05.

[9] Yuan Zhang,et al. A Digest and Pattern Matching-Based Intrusion Detection Engine , 2009, Comput. J..

[10] John W. Lockwood,et al. Fast and Scalable Pattern Matching for Network Intrusion Detection Systems , 2006, IEEE Journal on Selected Areas in Communications.