Abstract
As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.
Original language | English |
---|---|
Article number | 5353291 |
Pages (from-to) | 1004-1006 |
Number of pages | 3 |
Journal | IEEE Communications Letters |
Volume | 13 |
Issue number | 12 |
DOIs | |
Publication status | Published - 2009 Dec 1 |
Fingerprint
All Science Journal Classification (ASJC) codes
- Modelling and Simulation
- Computer Science Applications
- Electrical and Electronic Engineering
Cite this
}
A memory-efficient parallel string matching for intrusion detection systems. / Kim, Hyunjin; Hong, Hjhong; Kim, Hong Sik; Kang, Sungho.
In: IEEE Communications Letters, Vol. 13, No. 12, 5353291, 01.12.2009, p. 1004-1006.Research output: Contribution to journal › Article
TY - JOUR
T1 - A memory-efficient parallel string matching for intrusion detection systems
AU - Kim, Hyunjin
AU - Hong, Hjhong
AU - Kim, Hong Sik
AU - Kang, Sungho
PY - 2009/12/1
Y1 - 2009/12/1
N2 - As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.
AB - As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.
UR - http://www.scopus.com/inward/record.url?scp=73449123055&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=73449123055&partnerID=8YFLogxK
U2 - 10.1109/LCOMM.2009.12.082230
DO - 10.1109/LCOMM.2009.12.082230
M3 - Article
AN - SCOPUS:73449123055
VL - 13
SP - 1004
EP - 1006
JO - IEEE Communications Letters
JF - IEEE Communications Letters
SN - 1089-7798
IS - 12
M1 - 5353291
ER -