A memory-efficient parallel string matching for intrusion detection systems

Hyunjin Kim, Hjhong Hong, Hong Sik Kim, Sungho Kang

Research output: Contribution to journal › Article

9 Citations (Scopus)

Abstract

As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.

Original language: English
Article number: 5353291
Pages (from-to): 1004-1006
Number of pages: 3
Journal: IEEE Communications Letters
Volume: 13
Issue number: 12
DOI: 10.1109/LCOMM.2009.12.082230
Publication status: Published - 2009 Dec 1

Fingerprint

String Matching
Intrusion detection
Data storage equipment
Strings
Gray Code
Finite automata
State Machine
Tile
Binary
Target
Evaluation

All Science Journal Classification (ASJC) codes

  • Modelling and Simulation
  • Computer Science Applications
  • Electrical and Electronic Engineering

Cite this

Kim, Hyunjin ; Hong, Hjhong ; Kim, Hong Sik ; Kang, Sungho. / A memory-efficient parallel string matching for intrusion detection systems. In: IEEE Communications Letters. 2009 ; Vol. 13, No. 12. pp. 1004-1006.
@article{d62ced688f174ce4a373470b40421ca6,
title = "A memory-efficient parallel string matching for intrusion detection systems",
author = "Hyunjin Kim and Hjhong Hong and Kim, {Hong Sik} and Sungho Kang",
year = "2009",
month = "12",
day = "1",
doi = "10.1109/LCOMM.2009.12.082230",
language = "English",
volume = "13",
pages = "1004--1006",
journal = "IEEE Communications Letters",
issn = "1089-7798",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "12",

}
