Abstract
Network security is very important for Internet-connected hosts because of the prevalence of worms, viruses, DoS attacks, etc. As a result, a network intrusion detection system (NIDS) is typically needed to detect network attacks by packet inspection. For an NIDS, string matching is the computation-intensive task and hence the performance bottleneck, since every byte of each packet's payload must be checked against numerous predefined signature strings, which may occur at arbitrary positions in the payload. In this paper, we present the design and evaluation of parallel string matching algorithms targeting hardware implementation on FPGAs and software implementation on multi-core processors. Experimental results show that, on a multi-processor system, the multi-threaded implementation of the proposed parallel string matching algorithm can reduce string matching time by more than 40%.
© 2007 IFIP International Federation for Information Processing
Cite this paper
Kwok, T.TO., Kwok, YK. (2007). Design and Evaluation of Parallel String Matching Algorithms for Network Intrusion Detection Systems. In: Li, K., Jesshope, C., Jin, H., Gaudiot, JL. (eds) Network and Parallel Computing. NPC 2007. Lecture Notes in Computer Science, vol 4672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74784-0_35
DOI: https://doi.org/10.1007/978-3-540-74784-0_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74783-3
Online ISBN: 978-3-540-74784-0
eBook Packages: Computer Science (R0)