• DocumentCode
    3072616
  • Title

    An Efficient Pattern Matching Algorithm for Intrusion Detection Systems

  • Author

    Anithakumari, S. ; Chithraprasad, D.

  • Author_Institution
    Dept. of Comput. Sci. & Eng., LBSITW, Kerala
  • fYear
    2009
  • fDate
    6-7 March 2009
  • Firstpage
    223
  • Lastpage
    227
  • Abstract
    Intrusion detection systems are treated as vital elements of the measures that protect computer systems and networks from abuse. The drastic increase in network speed and detection workloads creates a need for highly efficient network intrusion detection systems (NIDS). Since most NIDSs need to check for a large number of known attack patterns in every packet, pattern matching becomes the most significant part of signature-based NIDSs in terms of processing and memory resources. To support segmentation of network traffic and to detect fragmented attacks, we propose a method which performs both 'partial' and 'full' pattern matching using the data structure CDAWG (Compact Direct Acyclic Word Graph). In the present work, we designed and implemented an efficient string matching algorithm using the CDAWG structure. Experimental results show that this algorithm is 2.5 times faster than the currently used Aho-Corasick algorithm.
  • Keywords
    data structures; digital signatures; security of data; string matching; CDAWG data structure; attack pattern; compact direct acyclic word graph; fragmented attack detection; network intrusion detection system; network traffic; pattern matching algorithm; signature-based NIDS; string matching algorithm; Computer networks; Computer science; Data structures; Databases; Intrusion detection; Monitoring; Pattern matching; Protocols; Telecommunication traffic; Testing; Aho-Corasick; Boyer-Moore; Dawg structure; Snort; intrusion detection; pattern matching; rule database;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Advance Computing Conference, 2009. IACC 2009. IEEE International
  • Conference_Location
    Patiala
  • Print_ISBN
    978-1-4244-2927-1
  • Electronic_ISBN
    978-1-4244-2928-8
  • Type

    conf

  • DOI
    10.1109/IADCC.2009.4809011
  • Filename
    4809011