A memory-efficient parallel string matching for intrusion detection systems

Hyunjin Kim; Hjhong Hong; Hong Sik Kim; S. Kang

doi:10.1109/LCOMM.2009.12.082230

A memory-efficient parallel string matching for intrusion detection systems

Hyunjin Kim, Hjhong Hong, Hong Sik Kim, S. Kang

Department of Electrical and Electronic Engineering

Research output: Contribution to journal › Article

10 Citations (Scopus)

Abstract

As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.

Original language	English
Article number	5353291
Pages (from-to)	1004-1006
Number of pages	3
Journal	IEEE Communications Letters
Volume	13
Issue number	12
DOIs	https://doi.org/10.1109/LCOMM.2009.12.082230
Publication status	Published - 2009 Dec

All Science Journal Classification (ASJC) codes

Modelling and Simulation
Computer Science Applications
Electrical and Electronic Engineering

Access to Document

10.1109/LCOMM.2009.12.082230

Fingerprint Dive into the research topics of 'A memory-efficient parallel string matching for intrusion detection systems'. Together they form a unique fingerprint.

Cite this

Kim, H., Hong, H., Kim, H. S., & Kang, S. (2009). A memory-efficient parallel string matching for intrusion detection systems. IEEE Communications Letters, 13(12), 1004-1006. [5353291]. https://doi.org/10.1109/LCOMM.2009.12.082230

@article{d62ced688f174ce4a373470b40421ca6,

title = "A memory-efficient parallel string matching for intrusion detection systems",

abstract = "As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.",

author = "Hyunjin Kim and Hjhong Hong and Kim, {Hong Sik} and S. Kang",

year = "2009",

month = dec,

doi = "10.1109/LCOMM.2009.12.082230",

language = "English",

volume = "13",

pages = "1004--1006",

journal = "IEEE Communications Letters",

issn = "1089-7798",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "12",

}

TY - JOUR

T1 - A memory-efficient parallel string matching for intrusion detection systems

AU - Kim, Hyunjin

AU - Hong, Hjhong

AU - Kim, Hong Sik

AU - Kang, S.

PY - 2009/12

Y1 - 2009/12

N2 - As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.

AB - As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.

UR - http://www.scopus.com/inward/record.url?scp=73449123055&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=73449123055&partnerID=8YFLogxK

U2 - 10.1109/LCOMM.2009.12.082230

DO - 10.1109/LCOMM.2009.12.082230

M3 - Article

AN - SCOPUS:73449123055

VL - 13

SP - 1004

EP - 1006

JO - IEEE Communications Letters

JF - IEEE Communications Letters

SN - 1089-7798

IS - 12

M1 - 5353291

ER -