Title :
NIS04-6: A Time- and Memory-Efficient String Matching Algorithm for Intrusion Detection Systems
Author :
Sheu, Tzu-Fang ; Huang, Nen-Fu ; Lee, Hsiao-Ping
Author_Institution :
Inst. of Commun. Eng., Nat. Tsing-Hua Univ., Hsinchu
Date :
Nov. 27 2006-Dec. 1 2006
Abstract :
Intrusion Detection Systems (IDSs) are known as useful tools for identifying malicious attempts over the network. The most essential part of an IDS is the searching engine that inspects every packet through the network. To strictly defend the protectorate, an IDS must be able to inspect packets at line rate and also provide guaranteed performance even under heavy attacks. Therefore, in this paper we propose an efficient string matching algorithm (named ACM) with compact memory as well as high worst-case performance. Using a magic number heuristic based on the Chinese remainder theorem, the proposed ACM significantly reduces the memory requirement without bringing complex processes. Furthermore, the latency of off-chip memory references is drastically reduced. The proposed ACM can be easily implemented in hardware and software. As a result, ACM enables cost-effective and efficient IDSs.
Keywords :
computer viruses; packet radio networks; security of data; string matching; telecommunication computing; telecommunication services; ACM; IDS; intrusion detection systems; network packets; string matching algorithm; Biomedical engineering; Computer science; Filters; Hardware; Health information management; Inspection; Intrusion detection; Pattern matching; Payloads; Protection;
Conference_Title :
Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE
Conference_Location :
San Francisco, CA
Print_ISBN :
1-4244-0356-1
Electronic_ISBN :
1930-529X
DOI :
10.1109/GLOCOM.2006.284