BLAST: B-LAyered bad-character SHIFT tables for high-speed pattern matching

In this study, the authors propose a new multi-pattern matching algorithm, called BLAST (B-LAyered bad-character Shift Tables with a single-byte search unit), which considers space-time tradeoff in the context of shift values during the search. Here, the term ‘bad character’ is a character that causes a mismatch. While checking multiple bytes in scanning the text at a time, the BLAST algorithm overcomes the reduction of the average shift value in a typical search, which is caused by the dependency on the multi-byte search unit (MBSU) and the large frequency of the last character of the given patterns. From the theoretical analysis, the authors validate the correctness of the BLAST algorithm. Also, from the experimental results across different setups, the authors show that the BLAST algorithm provides the faster search time than the other algorithms. For example, the authors obtain an enhancement by as much as 212.41% on average for various numbers of attack patterns and attack traffic conditions compared with that of the modified Wu-Manber algorithm. In addition, it is shown that the BLAST algorithm drastically reduces the amount of memory required for constructing the shift table based on a MBSU from 64 KB to 1 KB.

[1]  Udi Manber,et al.  A FAST ALGORITHM FOR MULTI-PATTERN SEARCHING , 1999 .

[2]  Alfred V. Aho,et al.  Efficient string matching , 1975, Commun. ACM.

[3]  Robert S. Boyer,et al.  A fast string searching algorithm , 1977, CACM.

[4]  Jorma Tarhio,et al.  Tuning String Matching for Huge Pattern Sets , 2003, CPM.

[5]  Evangelos P. Markatos,et al.  Performance analysis of content matching intrusion detection systems , 2004, 2004 International Symposium on Applications and the Internet. Proceedings..

[6]  Somesh Jha,et al.  XFA: Faster Signature Matching with Extended Automata , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[7]  Raffaele Giancarlo,et al.  The Boyer-Moore-Galil String Searching Strategies Revisited , 1986, SIAM J. Comput..

[8]  T. V. Lakshman,et al.  Variable-Stride Multi-Pattern Matching For Scalable Deep Packet Inspection , 2009, IEEE INFOCOM 2009.

[9]  Somesh Jha,et al.  Backtracking Algorithmic Complexity Attacks against a NIDS , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[10]  Wei Zhang,et al.  MDH: A High Speed Multi-phase Dynamic Hash String Matching Algorithm for Large-Scale Pattern Set , 2007, ICICS.

[11]  Jianping Pan,et al.  WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation , 2007, IEEE Transactions on Dependable and Secure Computing.

[12]  Seung-Woo Seo,et al.  A fast pattern matching algorithm with multi-byte search unit for high-speed network security , 2011, Comput. Commun..

[13]  Nen-Fu Huang,et al.  A fast string-matching algorithm for network processor-based intrusion detection system , 2004, TECS.

[14]  Donald E. Knuth,et al.  Fast Pattern Matching in Strings , 1977, SIAM J. Comput..