Title :
Multi-Character Processor Array for Pattern Matching in Network Intrusion Detection System
Author :
Chang, Yeim-Kuan ; Tsai, Ming-Li ; Chung, Yu-Ru
Author_Institution :
Nat. Cheng Kung Univ., Tainan
Abstract :
A network intrusion detection system (NIDS) is a system developed for identifying attacks by using a set of rules. NIDS is an efficient way to provide security protection for today's Internet. The pattern matching algorithm plays an important role in NIDS, performing searches against multiple patterns for a string match. Pattern matching is a computationally expensive task. Traditional software-based NIDS solutions usually cannot achieve the high speed required for ever-growing Internet attacks. In order to satisfy high-speed packet content inspection, a hardware-implementable pattern matching algorithm is required. In this paper, we propose a hardware-based pattern matching architecture that employs a multi-character processor array. The proposed multi-character processor array is a parallel and pipelined architecture which can process multiple characters of the input stream per cycle. The proposed architecture can eliminate many unnecessary computations and thus it is power efficient. We use Snort pattern sets and DEFCON packet traces to perform our simulations. Our experimental results show that, with a 3-character processor array, we can reduce 83% of the computations compared with the brute force approach.
Keywords :
Internet; parallel architectures; pipeline processing; security of data; string matching; DEFCON packet traces; Internet; attacks identification; hardware-based pattern match architecture; multicharacter processor array; network intrusion detection system; packet content inspection; parallel architecture; pipelined architecture; security protection; snort pattern sets; string matching; Application software; Automata; Computer architecture; Computer science; Filters; Internet; Intrusion detection; Pattern matching; Payloads; Protection; Snort; intrusion detection; pattern matching; processor array;
Conference_Titel :
Advanced Information Networking and Applications, 2008. AINA 2008. 22nd International Conference on
Conference_Location :
Okinawa
Print_ISBN :
978-0-7695-3095-6
DOI :
10.1109/AINA.2008.119