http://dx.doi.org/10.13089/JKIISC.2008.18.3.79

A Multiple Pattern Matching Scheme to Improve Rule Application Performance  

Lee, Jae-Kook (Chungnam National University)
Kim, Hyong-Shik (Chungnam National University)
Abstract
On the Internet, the NIDS (Network Intrusion Detection System) has been widely deployed to protect internal networks. The NIDS builds a set of rules from the results of analyzing illegal packets and filters such packets using those rules, thus protecting the internal system. The number of rules keeps increasing as attacks become more widespread and better organized. As a result, rule application in the NIDS suffers severe performance degradation. In this paper, we propose a multiple pattern matching scheme to improve rule application performance. We then compare our algorithm with the Wu-Manber algorithm, which is known for high-performance multi-pattern matching.
Keywords
multiple pattern matching; rule application; intrusion detection
References
1 Snort, http://www.snort.org
2 R. S. Boyer and J. S. Moore, "A Fast String Searching Algorithm," Communications of the ACM, 1977
3 S. Antonatos, K. G. Anagnostakis, and E. P. Markatos, "Generating Realistic Workloads for Network Intrusion Detection Systems," ACM Workshop on Software and Performance, 2004
4 Sun Wu and Udi Manber, "A Fast Algorithm for Multi-Pattern Searching," Technical Report TR 94-17, University of Arizona at Tucson, May 1994
5 Nathan Tuck, Timothy Sherwood, Brad Calder, et al., "Deterministic Memory-Efficient String Matching Algorithms for Intrusion Detection," in Proceedings of IEEE Infocom, Hong Kong, March 2004
6 Yang Dong Hong, Xu Ke, and Cui Yong, "An Improved Wu-Manber Multiple Patterns Matching Algorithm," in Proceedings of the Performance, Computing and Communications Conference (IPCCC 2006), April 2006
7 Project Gutenberg, http://www.gutenberg.org
8 A. V. Aho and M. J. Corasick, "Efficient String Matching: An Aid to Bibliographic Search," Communications of the ACM, 18 June 1975
9 Udi Manber, AGREP, an approximate GREP, http://www.tgries.de/agrep/, 2005
10 D. M. Sunday, "A Very Fast Substring Search Algorithm," Communications of the ACM, 1990