• Title/Summary/Keyword: String Matching


An Efficient String Matching Algorithm Using Bidirectional and Parallel Processing Structure for Intrusion Detection System

  • Chang, Gwo-Ching;Lin, Yue-Der
    • KSII Transactions on Internet and Information Systems (TIIS) / v.4 no.5 / pp.956-967 / 2010
  • Rapid growth of internet applications has increased the importance of intrusion detection system (IDS) performance. String matching is the most computation-consuming task in IDS. In this paper, a new algorithm for multiple string matching is proposed. This proposed algorithm is based on the canonical Aho-Corasick algorithm and it utilizes a bidirectional and parallel processing structure to accelerate the matching speed. The proposed string matching algorithm was implemented and patched into Snort for experimental evaluation. Compared with the canonical Aho-Corasick algorithm, the proposed algorithm gains much improvement in matching speed, especially in detecting multiple keywords within a long input text string.

Development of the Pattern Matching Engine using Regular Expression (정규 표현식을 이용한 패턴 매칭 엔진 개발)

  • Ko, Kwang-Man;Park, Hong-Jin
    • The Journal of the Korea Contents Association / v.8 no.2 / pp.33-40 / 2008
  • String pattern matching algorithms have proven their prominence in the speed of searching for particular queries and keywords in various ways. However, the existing algorithms are limited in the variety of patterns they support. In this paper, regular expressions are used to improve the efficiency of pattern matching through efficient execution over various query patterns, including particular keywords. This research enables various harmful string patterns to be searched more efficiently than by matching simple keywords, and it also implies excellent string pattern matching speed compared to the existing algorithms. In this research, the proposed string search engine generated from LEX is more efficient than the BM and AC algorithms in string pattern search speed in cases with more than 1000 patterns, but we obtained similar results for keyword pattern matching.

Robust Quick String Matching Algorithm for Network Security (네트워크 보안을 위한 강력한 문자열 매칭 알고리즘)

  • Lee, Jong Woock;Park, Chan Kil
    • Journal of Korea Society of Digital Industry and Information Management / v.9 no.4 / pp.135-141 / 2013
  • String matching is one of the key algorithms in network security, and many areas could benefit from a faster string matching algorithm. Based on the most efficient string matching algorithm in usual applications, the Boyer-Moore (BM) algorithm, a novel algorithm called RQS is proposed. RQS utilizes an improved bad character heuristic to achieve a bigger shift value area and an enhanced good suffix heuristic to dramatically improve the worst-case performance. The two heuristics, combined with a novel determinant condition to switch between them, enable RQS to achieve higher performance than BM in both normal and worst-case situations. The experimental results reveal that RQS appears many times more efficient than BM in the worst case, and the longer the pattern, the bigger the performance improvement. The performance of RQS is 7.57~36.34% higher than BM in English text searching, 16.26~26.18% higher than BM in uniformly random text searching, and 9.77% higher than BM in real-world Snort pattern set searching.

A Memory-Efficient Two-Stage String Matching Engine Using both Content-Addressable Memory and Bit-split String Matchers for Deep Packet Inspection (CAM과 비트 분리 문자열 매처를 이용한 DPI를 위한 2단의 문자열 매칭 엔진의 개발)

  • Kim, HyunJin;Choi, Kang-Il
    • The Journal of Korean Institute of Communications and Information Sciences / v.39B no.7 / pp.433-439 / 2014
  • This paper proposes an architecture for a two-stage string matching engine with content-addressable memory (CAM) and parallel bit-split string matchers for deep packet inspection (DPI). Each long signature is divided into subpatterns of the same length, and the subpatterns are mapped onto the CAM in the first stage. The long pattern is matched in the second stage using the sequence of matching indexes from the CAM. By adopting CAM and bit-split string matchers, the memory requirements can be greatly reduced in heterogeneous string matching environments.

A Hardware-Based String Matching Using State Transition Compression for Deep Packet Inspection

  • Kim, HyunJin;Lee, Seung-Woo
    • ETRI Journal / v.35 no.1 / pp.154-157 / 2013
  • This letter proposes a memory-based parallel string matching engine using the compressed state transitions. In the finite-state machines of each string matcher, the pointers for representing the existence of state transitions are compressed. In addition, the bit fields for storing state transitions can be shared. Therefore, the total memory requirement can be minimized by reducing the memory size for storing state transitions.

Design of String Pattern Matching (SPM) Processor (문자열 패턴 매칭 (SPM:String Pattern Matching)프로세서의 설계)

  • Kook, Il-Ho;Cho, Won-Kyung
    • Proceedings of the KIEE Conference / 1988.07a / pp.659-661 / 1988
  • SPM is an MDC processor for string patterns expressed in directional chain code. In this paper we consider the string pattern matching algorithm (Levenshtein algorithm), which is a portion of dynamic programming, propose an architecture for SPM, and simulate it at the R-T level to evaluate the architecture. We used the C language as the hardware description language, and developed it in the IBM PC/AT Xenix System V OS environment.


Pattern Recognition Method Using Fuzzy Clustering and String Matching (퍼지 클러스터링과 스트링 매칭을 통합한 형상 인식법)

  • 남원우;이상조
    • Transactions of the Korean Society of Mechanical Engineers / v.17 no.11 / pp.2711-2722 / 1993
  • Most of the current 2-D object recognition systems are model-based. In such systems, the representations of each of a known set of objects are precompiled and stored in a database of models. Later, they are used to recognize the image of an object in each instance. In this thesis, the approach to 2-D object recognition is to treat an object boundary as a string of structural units and to utilize string matching to analyze the scenes. To reduce string matching time, models are rebuilt by means of the fuzzy c-means clustering algorithm. In the experiments, images of objects were taken at the initial position of a robot by the CCD camera, and the models were constructed by the proposed algorithm. After that, the image of an unknown object is taken by the camera at a random position, and then the unknown object is identified by a comparison between the unknown object and the models. Finally, the amount of translation and rotation of the object from the initial position is computed.

A Fast String Matching Scheme without using Buffer for Linux Netfilter based Internet Worm Detection (리눅스 넷필터 기반의 인터넷 웜 탐지에서 버퍼를 이용하지 않는 빠른 스트링 매칭 방법)

  • Kwak, Hu-Keun;Chung, Kyu-Sik
    • The KIPS Transactions:PartC / v.13C no.7 s.110 / pp.821-830 / 2006
  • As internet worms spread worldwide, the detection and filtering of worms has become one of the hot issues in internet security. As one implementation method to detect worms, the Linux Netfilter kernel module can be used. Its basic operation for worm detection is string matching, where incoming packet(s) on the network is/are compared with predefined worm signatures (patterns). A worm can appear in a packet or in two (or more) succeeding packets, where some part of the worm is in the first packet and its remaining part is in the succeeding packet(s). Assuming that the maximum length of a worm pattern is less than 1024 bytes, we need to perform string matching on up to two succeeding packets of 2048 bytes. To do so, Linux Netfilter keeps the previous packet in a buffer and performs matching with a combined 2048-byte string of the buffered packet and the current packet. As the number of concurrent connections to be handled in the worm detection system increases, the total size of the buffer (memory) increases and string matching speed becomes low. In this paper, to reduce the memory buffer size and get higher string matching speed, we propose a string matching scheme without using a buffer. The proposed scheme keeps the partial matching result of the previous packet with signatures and has no buffering for the previous packet. The partial matching information is used to detect a worm in the two succeeding packets. We implemented the proposed scheme by modifying the Linux Netfilter. Then we compared the modified Linux Netfilter module with the original Linux Netfilter module. Experimental results show that the proposed scheme has 25% lower memory usage and 54% higher speed compared to the original scheme.

String Matching Algorithms for Real-time Intrusion Detection and Response (실시간 침입 탐지 및 대응을 위한 String Matching 알고리즘 개발)

  • 김주엽;김준기;한나래;강성훈;이상후;예홍진
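    • Proceedings of the Korean Information Science Society Conference / 2004.04a / pp.970-972 / 2004
  • Recently, along with the emergence of worm viruses, cases of damage from denial-of-service attacks such as the "Internet crisis" have been increasing sharply. As a result, network security is receiving a great deal of attention, and among the many areas of security, research on intrusion detection and response is particularly active. Tools for automating these tasks are also being developed, but the reality is that their accuracy has not yet reached a trustworthy level. In this paper, we propose a String Matching algorithm that analyzes event logs to predict intrusion patterns and, based on this, can implement automated intrusion detection and response.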


An Index Data Structure for String Search in External Memory (외부 메모리에서 문자열을 효율적으로 탐색하기 위한 인덱스 자료 구조)

  • Na, Joong-Chae;Park, Kun-Soo
    • Journal of KIISE:Computer Systems and Theory / v.32 no.11_12 / pp.598-607 / 2005
  • We propose a new external-memory index data structure, the Suffix B-tree. The Suffix B-tree is a B-tree in which the key is a string, like the String B-tree. While the node in the String B-tree is implemented with a Patricia trie, the node in the Suffix B-tree is implemented with an array. So the Suffix B-tree is simpler and easier to implement than the String B-tree. Nevertheless, the branching algorithm of the Suffix B-tree is as efficient as that of the String B-tree. Consequently, the Suffix B-tree takes the same worst-case disk accesses as the String B-tree to solve the string matching problem, which is fundamental and important in the area of string algorithms.