Robust Quick String Matching Algorithm for Network Security

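A Robust String Matching Algorithm for Network Security

  • 이종욱 (Korea Polytechnic I, Jeongsu Campus, Department of Ubiquitous Communication)
  • 박찬길 (Soongsil Cyber University, Department of Information Security)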
  • Received : 2013.11.25
  • Accepted : 2013.12.11
  • Published : 2013.12.30

Abstract

String matching is one of the key algorithms in network security, and many areas could benefit from a faster string matching algorithm. Based on the Boyer-Moore (BM) algorithm, the most efficient string matching algorithm in usual applications, a novel algorithm called RQS is proposed. RQS uses an improved bad character heuristic to achieve a bigger shift value area and an enhanced good suffix heuristic to dramatically improve worst-case performance. The two heuristics, combined with a novel determinant condition for switching between them, enable RQS to achieve higher performance than BM in both normal and worst-case situations. The experimental results show that RQS is many times more efficient than BM in the worst case, and that the longer the pattern, the bigger the performance improvement. The performance of RQS is 7.57~36.34% higher than BM in English text searching, 16.26~26.18% higher than BM in uniformly random text searching, and 9.77% higher than BM in searching the real-world Snort pattern set.
