Browse > Article

Robust Quick String Matching Algorithm for Network Security  

Lee, Jong Woock (한국폴리텍 I대학 정수캠퍼스 유비쿼터스통신과)
Park, Chan Kil (숭실사이버대학교 정보보안학과)
Publication Information
Journal of Korea Society of Digital Industry and Information Management / v.9, no.4, 2013 , pp. 135-141 More about this Journal
Abstract
String matching is one of the key algorithms in network security and many areas could be benefit from a faster string matching algorithm. Based on the most efficient string matching algorithm in sual applications, the Boyer-Moore (BM) algorithm, a novel algorithm called RQS is proposed. RQS utilizes an improved bad character heuristic to achieve bigger shift value area and an enhanced good suffix heuristic to dramatically improve the worst case performance. The two heuristics combined with a novel determinant condition to switch between them enable RQS achieve a higher performance than BM both under normal and worst case situation. The experimental results reveal that RQS appears efficient than BM many times in worst case, and the longer the pattern, the bigger the performance improvement. The performance of RQS is 7.57~36.34% higher than BM in English text searching, 16.26~26.18% higher than BM in uniformly random text searching, and 9.77% higher than BM in the real world Snort pattern set searching.
Keywords
String Matching; Network Security; Algorithmic Performance Attack;
Citations & Related Records
연도 인용수 순위
  • Reference
1 M. Norton, and D. Roelker, "The new Snort," Computer security journal, vol. 19, no. 3, 2003, pp. 37-47.
2 M. Roesch, "Snort: lightweight intrusion detection for networks," Proc. 13th System Administration Conference and Exhibition (LISA'1999), 1999, pp. 229-238.
3 R. Boyer, and J. Moore, "A fast string searching algorithm," Communications of the ACM, vol. 20, no. 10, 1977, pp. 762-772.   DOI   ScienceOn
4 E. P. Markatos, S. Antonatos, M. Polychronakis, and K. G. Anagnostakis, "EXB: Exclusion-based signature matching for intrusion detection," Proc. The CCN'02, 2002.
5 K. G. Anagnostakis, E. P. Markatos, S. Antonatos, and M. Polychronakis, "E2XB: A domain-specific string matching algorithm for intrusion detection," Proc. 18th IFIP International Information Security Conference (SEC2003), 2003.
6 M. Fisk, and G. Varghese, "Fast content-based packet handling for intrusion detection," UCSD Technical Report CS2001-0670, May 2001.
7 정수목, "동영상의 블록내 지역성을 이용하는 효율적인 다단계 연속 제거알고리즘," 디지털산업정보학회 논문지, 5권, 4호, 2009, pp. 179-187.
8 S. Antonatos, K. G. Anagnostakis, and E. P. Markatos, "Generating realistic workloads for network intrusion detection systems," Software engineering notes, vol. 29, no. 1, 2004, pp. 207-215.   DOI
9 R. N. Horspool, "Practical fast searching in strings," Software practice and experience, vol. 10, no. 6, 1980, pp. 501-506.   DOI
10 R. M. Karp, and M. O. Rabin, "Efficient randomized pattern-matching algorithms," IBM J. Res. Dev., vol. 31, no. 2, 1987, pp. 249-260.   DOI   ScienceOn
11 D. Knuth, J. Morris, and V. Pratt, "Fast pattern matching in strings," SIAM journal on computing, vol. 6, no. 2, 1977, pp. 323-350.   DOI
12 구윤모, 김영로, "잡음 영상에서의 에지 검출," 디지털산업정보학회 논문지, 8권, 3호, 2012, pp. 41-47.