An Enhanced in-Depth Packet Inspection Based on Hierarchical Pattern Matching Algorithm
The most important technology for fast payload inspection is an efficient multi-pattern matching algorithm, which performs exact string matching between packets and a large set of predefined patterns. In this paper, we propose a novel Enhanced Hierarchical Multi-pattern Matching Algorithm (EHMA) for packet inspection. Based on the occurrence frequency of grams, a small set of the most frequent grams is discovered and used in the EHMA. EHMA is a two-tier, cluster-wise matching algorithm, which significantly reduces the number of external memory accesses and the memory capacity required. Using a skippable scan strategy, EHMA speeds up the scanning process. Furthermore, because it does not depend on parallel or special functions, EHMA is very simple and therefore practical for both software and hardware implementations. Simulation results reveal that EHMA significantly improves the matching performance. The speed of EHMA is about 0.89-1.161 times faster than that of current matching algorithms. Even under real-life intense attack, EHMA still performs well. An intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. High attack detection accuracy can be achieved by using Conditional Random Fields, and high efficiency is achieved by implementing the Layered Approach. The system is robust and is able to handle noisy data without compromising performance. The goal is to detect as many attacks as possible with a minimum number of false alarms, i.e., the system must be accurate in detecting attacks.
Keywords
Packet Inspection, Payload, EHMA, Intrusion Detection.
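
The two-tier, cluster-wise idea in the abstract can be sketched as follows. This is an added example, not the paper's EHMA code: the 2-byte gram size, the greedy gram selection, the function names and the sample signatures and payload are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

GRAM = 2  # gram size in bytes (assumption; the abstract does not state one)

# Constructed sample signatures and payload, for illustration only.
PATTERNS = [b"/etc/passwd", b"cmd.exe", b"/bin/sh", b"SELECT ", b"UNION SELECT"]
PAYLOAD = b"GET /index.php?id=1 UNION SELECT name FROM users HTTP/1.1\r\n\r\n"

def grams(p):
    return {p[i:i + GRAM] for i in range(len(p) - GRAM + 1)}

def build_clusters(patterns):
    """Greedily pick frequent grams until every pattern sits in one cluster."""
    if any(len(p) < GRAM for p in patterns):
        raise ValueError("every pattern must be at least GRAM bytes long")
    remaining, clusters = set(patterns), defaultdict(list)
    while remaining:
        freq = Counter(g for p in remaining for g in grams(p))
        gram = max(freq, key=lambda g: (freq[g], g))  # most frequent, ties by value
        for p in sorted(remaining):
            off = p.find(gram)
            if off >= 0:
                clusters[gram].append((off, p))  # offset of the gram in the pattern
                remaining.discard(p)
    return dict(clusters)

def scan(payload, clusters):
    """Return (sorted matches as (start, pattern), number of tier-2 lookups)."""
    matches, tier2_lookups = [], 0
    for i in range(len(payload) - GRAM + 1):
        cluster = clusters.get(payload[i:i + GRAM])  # tier 1: small gram table
        if cluster is None:
            continue  # no frequent gram here: skip without touching tier 2
        tier2_lookups += 1
        for off, p in cluster:  # tier 2: verify only this cluster's patterns
            start = i - off
            if start >= 0 and payload.startswith(p, start):
                matches.append((start, p))
    return sorted(matches), tier2_lookups

if __name__ == "__main__":
    found, lookups = scan(PAYLOAD, build_clusters(PATTERNS))
    print(found, "tier-2 lookups:", lookups, "of", len(PAYLOAD) - GRAM + 1, "positions")
```

The tier-2 lookup counter stands in for the external memory accesses the abstract refers to: only positions whose gram is in the small first-tier table reach the pattern clusters.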