  • DocumentCode
    3264873
  • Title
    Adaptive Character Frequency-Based Exclusive Signature Matching Scheme in Distributed Intrusion Detection Environment
  • Author
    Meng, Yuxin ; Li, Wenjuan
  • Author_Institution
    Dept. of Comput. Sci., City Univ. of Hong Kong, Hong Kong, China
  • fYear
    2012
  • fDate
    25-27 June 2012
  • Firstpage
    223
  • Lastpage
    230
  • Abstract
    Currently, signature-based network intrusion detection systems (NIDSs) are widely deployed in distributed network environments to protect network communications from various attacks. However, signature matching has become a key limiting factor that restricts the performance of a signature-based NIDS in a large-scale distributed network environment. The overhead network packets can greatly reduce the effectiveness of such detection systems and heavily consume computer resources. To mitigate this issue, a more efficient signature matching algorithm is desirable. In this paper, we therefore develop an adaptive character frequency-based exclusive signature matching scheme that can be implemented in a signature-based NIDS to help improve the performance of signature matching. In the experiment, we implemented our scheme in a distributed network environment and evaluated its performance compared with Snort. The experimental results show that, in our distributed network environment, our scheme can reduce the time consumption by between 11.2% and 37.6%.
  • Keywords
    computer network performance evaluation; computer network security; digital signatures; distributed processing; pattern matching; adaptive character frequency-based exclusive signature matching scheme; distributed intrusion detection environment; key limiting factor; network communication protection; overhead network packets; performance evaluation; signature-based NIDS; signature-based network intrusion detection systems; Adaptive systems; Algorithm design and analysis; Intrusion detection; Pattern matching; Payloads; Servers; Exclusive signature matching; Intrusion detection; Network security and performance;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
  • Conference_Location
    Liverpool
  • Print_ISBN
    978-1-4673-2172-3
  • Type
    conf
  • DOI
    10.1109/TrustCom.2012.65
  • Filename
    6295979