Network intrusion detection systems (NIDSs) are one of the latest developments in security. The matching of packet strings against collected signatures dominates signature-based NIDS performance. Network processors are also one of the fastest growing segments of the semiconductor market, because they are designed to provide scalable and flexible solutions that can accommodate change quickly and economically. This work presents a fast string-matching algorithm (called FNP) on the network processor platform that matches sets of patterns in parallel. The design also supports numerous practical features such as case-sensitive string matching, signature prioritization, and multiple-content signatures. This efficient multiple-pattern matching algorithm uses the hardware facilities provided by typical network processors instead of employing external lookup co-processors. To verify the efficiency and practicability of the proposed algorithm, it was implemented on the Vitesse IQ2000 network processor platform. The search patterns used in the experiments are derived from the well-known Snort ruleset cited by most open-source and commercial NIDSs. This work shows that combining our string-matching methodology, the hashing engine supported by most network processors, and the characteristics of current Snort signatures frequently improves performance and reduces the number of memory accesses compared to conventional string-matching algorithms. Another contribution of this work is to highlight that, besides the total number of search patterns, the shortest pattern length is also a major influence on NIDS multipattern matching algorithm performance.
ACM Transactions on Embedded Computing Systems (TECS) – Association for Computing Machinery
Published: Aug 1, 2004