A survey on Finite Automata based pattern matching techniques for network Intrusion Detection System (NIDS)

Many network security applications, such as Intrusion Detection Systems (IDS), firewalls and Data Loss Prevention Systems (DLPS), are based on deep packet inspection, in which the header as well as the payload of each packet is checked against predefined attack signatures to identify whether it contains malicious traffic. NIDS use different pattern matching methods to perform this check. The most popular way to implement pattern matching is to use Finite Automata (FA). Generally, most of the attack signatures defined by NIDS are represented as regular expressions, which are implemented using finite automata that take the packet payload as the input string. However, the existing FA approaches to pattern matching, both deterministic finite automata (DFA) and non-deterministic finite automata (NFA), have their own advantages and drawbacks. DFA-based pattern matching methods are fast but require more memory, whereas NFA-based methods take comparatively less memory but match very slowly. Many approaches have been proposed to overcome these drawbacks of finite automata. This paper presents a comparative study of some Finite Automata (FA) based techniques for pattern matching in network intrusion detection systems (NIDS).
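The memory/speed trade-off described above, as an added example that is not taken from the paper: one signature of the form `.*a.{k}` is built as an NFA, converted to a DFA by subset construction, and both are run over the same payload. The two-symbol alphabet, the signature and all function names are assumptions chosen to keep the state counts easy to check.

```python
# Added illustration; the two-symbol alphabet and the signature .*a.{k} are assumptions.
ALPHABET = "ab"

def build_nfa(k):
    """NFA for .*a.{k}: state 0 loops on every symbol, states 1..k+1 form a chain."""
    delta = {(0, c): {0} for c in ALPHABET}
    delta[(0, "a")] = {0, 1}
    for s in range(1, k + 1):
        for c in ALPHABET:
            delta[(s, c)] = {s + 1}
    return delta, {0}, {k + 1}          # transitions, start states, accepting states

def determinize(delta, start, accepting):
    """Subset construction: every reachable set of NFA states becomes one DFA state."""
    start = frozenset(start)
    table, seen, todo = {}, {start}, [start]
    while todo:
        cur = todo.pop()
        for c in ALPHABET:
            nxt = frozenset(t for s in cur for t in delta.get((s, c), ()))
            table[(cur, c)] = nxt
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return table, start, {s for s in seen if s & accepting}, len(seen)

def nfa_match(delta, start, accepting, data):
    """Track the whole active-state set; work = NFA states visited."""
    active, work = set(start), 0
    for c in data:
        work += len(active)
        active = {t for s in active for t in delta.get((s, c), ())}
    return bool(active & accepting), work

def dfa_match(table, start, accepting, data):
    """One table lookup per input symbol."""
    state = start
    for c in data:
        state = table[(state, c)]
    return state in accepting, len(data)

def state_counts(k):
    """(NFA states, DFA states) for the same signature."""
    delta, start, acc = build_nfa(k)
    return k + 2, determinize(delta, start, acc)[3]

if __name__ == "__main__":
    for k in (3, 7, 11):
        print(k, state_counts(k))
```

The NFA grows linearly with k while the DFA doubles with each extra position, and the NFA matcher touches several states per input symbol where the DFA does exactly one lookup.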
