• Journal of the Korea Society of Computer and Information
• /
• v.16 no.5
• /
• pp.13-22
• /
• 2011

Network Intrusion Detection Systems use regular expression to represent malicious packets and hardware-based pattern matching is required for fast deep packet inspection. Although hardware architectures for implementing constraint repetition operators such as {10} were recently proposed, they have some limitation. In this paper, we propose hardware architecture supporting constraint repetitions of general regular expression sub-patterns with lower logic complexity. The subpatterns supported by the proposed contraint repetition architecture include general regular expression patterns as well as a single character and fixed length patterns. With the proposed building block, we can implement more efficiently regular expression pattern matching hardwares.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.4
• /
• pp.86-94
• /
• 2009

Currently, positioning methods for LBS(Location Based Service) are GPS and network-based positioning techniques that use mobile communication networks. In these methods, however, the accuracy of positioning decreases due to the propagation delay caused by the non-line-of-sight(NLOS) effect and the repeater. To address this disadvantage, the CDMA system uses Pattern Matching algorithm. The Pattern Matching algorithm constructs a database of the propagation characteristics of the RF signals measured during the GPS positioning along with the positioned locations, so that the location can be provided by comparing the propagation characteristics of the received signals and the database, upon a user's request. In the area where GPS signals are not received, however, a database cannot be constructed. There are problem that the accuracy of positioning decreases due to the area without a database Because Pattern Matching algorithm depend on database existence. Therefore, this paper proposed a pilot signal strength prediction algorithm to enable construction of databases for areas without databases, so as to improve the performance of the Pattern Matching algorithm. The database was constructed by predicting the pilot signals in the area without a database using the proposed algorithm, and the Pattern Matching algorithm analysed positioning performance.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.474-477
• /
• 2010

본 논문에서는 패턴인식을 이용한 의류의 결함을 자동으로 탐색하는 시스템을 설계하였다. 이는 히스토그램을 기반으로 하여 영상의 특징을 추출하고 템플릿 매칭을 이용해서 패턴을 추적하도록 하였스며, 또한, SSIM(Structural Similarity) Index를 통해 추적된 패턴과 원 패턴의 유사도를 HVS(Human Vision System)을 기준으로 하여 결함을 판별할수 있도록 하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06d
• /
• pp.489-494
• /
• 2007

침입방지 시스템(IPS, Intrusion Prevention System)은 인라인모드(in-line mode)로 네트워크에 설치되어, 네트워크를 지나는 패킷 또는 세션을 검사하여 만일 그 패킷에서 공격이 감지되면 해당 패킷을 폐기하거나 세션을 종료시킴으로서 외부의 침입으로부터 네트워크를 보호하는 시스템을 의미한다. 침입방지 시스템은 크게 두 가지 종류의 동작을 수행한다. 하나는 이미 알려진 공격으로부터 방어하는 시그너처 기반 필터링(signature based filtering)이고 다른 하나는 알려지지 않은 공격이나 비정상 세션으로부터 방어하는 자기 학습 기반의 변칙 탐지 및 방지(anomaly detection and prevention based on selflearning)이다. 시그너처 기반 필터링에서는 침입방지시스템을 통과하는 패킷의 페이로드와 시그너처라고 불리는 공격 패턴들과 비교하여 같으면 그 패킷을 폐기한다. 시그너처의 개수가 증가함에 따라 하나의 들어온 패킷에 대하여 요구되는 패턴 매칭 시간은 증가하게 되어 패킷지연 없이 동작하는 고성능 침입탐지시스템을 개발하는 것이 어렵게 되었다. 공개 침입방지 소프트웨어인 SNORT를 위한 여러 개의 효율적인 패턴 매칭 방식들이 제안되었는데 시그너처들의 공통된 부분에 대해 한번만 매칭을 수행하거나 한 바이트 단위 비교대신 여러 바이트 비교 동작을 수행함으로써 불필요한 매칭동작을 줄이려고 하였다. 본 논문에서는 패턴 매칭 시간을 시그너처의 개수와 무관하게 하기 위하여 시그너처 해싱 기반에 기반한 고성능 침입방지시스템을 제안한다.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.4
• /
• pp.11-18
• /
• 2012

Deep packet inspection which perform pattern matching to search for malicious patterns in the packet is most computationally intensive task. Hardware-based pattern matching is required for real-time packet inspection in high-speed network. In this paper, we have designed and implemented network intrusion detection hardware as a Microblaze-based SoC using Virtex-6 FPGA, which capture the network input packet, perform hardware-based pattern matching for patterns in the Snort rule, and provide the matching result to the software. We verify the operation of the implemented system using traffic generator and real network traffic. The implemented hardware can be used in network intrusion detection system operated in wire-speed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.27-37
• /
• 2011

The IDS/IPS(Intrusion Detection/Prevention System) has been widely deployed to protect the internal network against internet attacks. Reducing the packet inspection time is one of the most important challenges of improving the performance of the IDS/IPS. Since the IDS/IPS needs to match multiple patterns for the incoming traffic, we may have to apply the multiple pattern matching schemes, some of which use finite automata, while the others use the shift table. In this paper, we first show that the performance of those schemes would degrade with various kinds of pattern sets and payload, and then propose a hybrid multiple pattern matching scheme which combines those two schemes. The proposed scheme is organized to guarantee an appropriate level of performance in any cases. The experimental results using real traffic show that the time required to do multiple pattern matching could be reduced effectively.

• Journal of KIISE:Computer Systems and Theory
• /
• v.34 no.2
• /
• pp.73-83
• /
• 2007

In network intrusion prevention, attack packets are detected and filtered out based on their attack signatures. Pattern matching is extensively used to find attack signatures and the most time-consuming execution part of Network Intrusion Prevention Systems(NIPS). Pattern matching is usually accelerated by hardware and should be performed at wire speed in NIPS. However, that alone is not good enough. First, pattern matching hardware should be able to generate sufficient pattern match information including the pattern index number and the location of the match found at wire speed. Second, it should support pattern grouping to reduce unnecessary pattern matches. Third, it should always have a constant worst-case performance even if the number of patterns is increased. Finally it should be able to update patterns in a few minutes or seconds without stopping its operations, We propose a system architecture to meet the above requirement. The system architecture can process multiple pattern characters in parallel and employs a pipeline architecture to achieve high speed. Using Xilinx FPGA simulation, we show that the new system stales well to achieve a high speed oner 10Gbps and satisfies all of the above requirements.

• The Journal of the Korea Contents Association
• /
• v.8 no.5
• /
• pp.44-51
• /
• 2008

Pattern matching and pattern searching in time series data have been active issues in a number of disciplines. This paper suggests a novel pattern matching technology which can be used in the field of stock market analysis as well as in forecasting stock market trend. First, we define conceptual patterns, and extract data forming each pattern from given time series, and then generate learning model using Hidden Markov Model. The results show that the context-based pattern matching makes the matching more accountable and the method would be effectively used in real world applications. This is because the pattern for new data sequence carries not only the matching itself but also a given context in which the data implies.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.1B
• /
• pp.47-55
• /
• 2009

In recent network intrusion detection systems, regular expressions are used to represent malicious packets. In order to process incoming packets through high speed networks in real time, we should perform hardware-based pattern matching using the configurable device such as FPGAs. However, operating speed of FPGAs is slower than giga-bit speed network and so, multi-byte processing per clock cycle may be needed. In this paper, we propose a hardware architecture of multi-byte based regular expression pattern matching and implement the pattern matching circuit generator. The throughput improvements in four-byte based pattern matching circuit synthesized in FPGA for several Snort rules are $2.62{\sim}3.4$ times.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.5
• /
• pp.551-555
• /
• 2010

In protein 2-DE image analysis, the accuracy of spot-matching operation which identifies the spot of the same protein in each 2-DE gel image is intensively influenced by the errors caused by the various experimental conditions. This paper proposes an efficient method to find more accurate spot-matching patterns based on multiple reference gel images in spot-matching pattern analysis in protein 2-DE image analysis. Additionally, in order to improve the reduce the execution time which is increased exponentially along with the increasing number of gel images, a "partition then extension" framework is used to find spot-matching pattern of long length and of higher accuracy. In the experiments on real 2-DE images of human liver tissue are used to confirm the accuracy and the efficiency of the proposed algorithm.