• DocumentCode
    1355434
  • Title

    A memory-efficient parallel string matching for intrusion detection systems

  • Author

    HyunJin Kim ; Hyejeong Hong ; Hong-Sik Kim ; Sungho Kang

  • Author_Institution
    Dept. of Electr. & Electron. Eng., Yonsei Univ., Seoul, South Korea
  • Volume
    13
  • Issue
    12
  • fYear
    2009
  • fDate
    12/1/2009 12:00:00 AM
  • Firstpage
    1004
  • Lastpage
    1006
  • Abstract
    As the variety of hazardous packet payload contents increases, the intrusion detection system (IDS) should be able to detect numerous patterns in real time. For this reason, this paper proposes an Aho-Corasick algorithm based parallel string matching. In order to balance memory usage between homogeneous finite-state machine (FSM) tiles for each string matcher, an optimal set of bit position groups is determined. Target patterns are sorted by binary-reflected gray code (BRGC), which reduces bit transitions in patterns mapped onto a string matcher. In the evaluations of Snort rules, the proposed string matching outperforms the existing bit-split string matching.
  • Keywords
    Gray codes; finite state machines; security of data; string matching; Aho-Corasick algorithm; Snort rules; binary-reflected gray code; bit-split string matching; hazardous packet payload contents; homogeneous finite-state machine; intrusion detection systems; memory-efficient parallel string matching; Automata; Condition monitoring; Intrusion detection; Pattern matching; Payloads; Real time systems; Reflective binary codes; Scalability; Computer network security; finite state machines; site security monitoring; string matching;
  • fLanguage
    English
  • Journal_Title
    Communications Letters, IEEE
  • Publisher
    ieee
  • ISSN
    1089-7798
  • Type

    jour

  • DOI
    10.1109/LCOMM.2009.12.082230
  • Filename
    5353291
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1355434