Title :
L+1-MWM: A Fast Pattern Matching Algorithm for High-Speed Packet Filtering
Author :
Choi, Yoon-Ho ; Jung, Moon-Young ; Seo, Seung-Woo
Author_Institution :
Seoul Nat. Univ., Seoul
Abstract :
A signature-based network intrusion detection system (NIDS) identifies intrusions by comparing the data traffic with known signature patterns. In this process, matching of packet strings against signature patterns dominates the overall system performance. The MWM algorithm has been known as the fastest pattern matching algorithm when the patterns in a rule set rarely appear in packets. However, the matching time does not decrease if the length of the shortest pattern in a signature group is too short. In this paper, by extending the length of the shortest pattern, we minimize the pattern matching time of the algorithm which uses multi-byte unit. For example, when the length of the shortest pattern is less than 5, the proposed algorithm shows 38.87% enhancement in average.
Keywords :
computer networks; digital signatures; security of data; string matching; telecommunication security; MWM algorithm; SHIFT table; high-speed packet filtering; network intrusion detection system; pattern string matching algorithm; signature-based NIDS; Communication networks; Communications Society; Computer networks; Computer security; Filtering algorithms; Intrusion detection; Matched filters; Pattern matching; System performance; Telecommunication traffic;
Conference_Titel :
INFOCOM 2008. The 27th Conference on Computer Communications. IEEE
Conference_Location :
Phoenix, AZ
Print_ISBN :
978-1-4244-2025-4
Electronic_ISBN :
0743-166X
DOI :
10.1109/INFOCOM.2008.297
