Networking and Communication Engineering

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

A High Throughput Pattern Matching Using Byte Filtered Bit_Split Algorithm


Affiliations
1 VLSI Design, Karpagam University, Coimbatore, India
2 ECE Dept, Karpagam University, Coimbatore, India
     

   Subscribe/Renew Journal


The phenomenal growth of the Internet in the last decade and society's increasing dependence on it has brought along, a flood of security attacks on the networking and computing infrastructure. Intrusion Detection Systems (IDSs) have become widely recognized as powerful tools for identifying, deterring and deflecting malicious attacks over the network. Essential to almost every intrusion detection system is the ability to search through packets and identify content that matches known attacks. Network Intrusion Detection and Prevention Systems have emerged as one of the most effective ways of providing security to those connected to the network, and at the heart of almost every modern intrusion detection system is a pattern matching algorithm. Pattern matching relies on deterministic finite automata (DFA) to search for predefined patterns. Here modifications to the Aho-Corasick pattern-matching algorithm are proposed that drastically reduce the amount of memory required and improve its performance. For Snort rule sets, the new algorithm achieves 30% of memory reduction compared with the traditional Aho–Corasick algorithm. In addition, we can gain further reduction in memory by integrating our approach to the bit-split algorithm which is the state-of-the-art memory-based approach.

Keywords

Aho–Corasick (AC) Algorithm, Finite Automata, Pattern Matching, Intrusion Detection System.
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 204

PDF Views: 4




  • A High Throughput Pattern Matching Using Byte Filtered Bit_Split Algorithm

Abstract Views: 204  |  PDF Views: 4

Authors

C. R. Rathish
VLSI Design, Karpagam University, Coimbatore, India
P. Devasundar
ECE Dept, Karpagam University, Coimbatore, India

Abstract


The phenomenal growth of the Internet in the last decade and society's increasing dependence on it has brought along, a flood of security attacks on the networking and computing infrastructure. Intrusion Detection Systems (IDSs) have become widely recognized as powerful tools for identifying, deterring and deflecting malicious attacks over the network. Essential to almost every intrusion detection system is the ability to search through packets and identify content that matches known attacks. Network Intrusion Detection and Prevention Systems have emerged as one of the most effective ways of providing security to those connected to the network, and at the heart of almost every modern intrusion detection system is a pattern matching algorithm. Pattern matching relies on deterministic finite automata (DFA) to search for predefined patterns. Here modifications to the Aho-Corasick pattern-matching algorithm are proposed that drastically reduce the amount of memory required and improve its performance. For Snort rule sets, the new algorithm achieves 30% of memory reduction compared with the traditional Aho–Corasick algorithm. In addition, we can gain further reduction in memory by integrating our approach to the bit-split algorithm which is the state-of-the-art memory-based approach.

Keywords


Aho–Corasick (AC) Algorithm, Finite Automata, Pattern Matching, Intrusion Detection System.