High-throughput intrusion detection system with parallel pattern matching
نویسندگان
چکیده
منابع مشابه
Improved Single Keyword Pattern Matching Algorithm for Intrusion Detection System
With the spreading of the internet and online procedures requesting a secure channel, it has become an inevitable requirement to provide the network security. It is very clear that firewalls are not enough to secure a network completely because the attacks committed from outside of the network are stopped whereas inside attacks are not. This is the situation where intrusions detection systems (...
متن کاملSingle-Keyword Pattern Matching Algorithms for Network Intrusion Detection System
The Network Intrusion Detection System (NIDS) is an important part of any modern network. One of the important processes in NIDS is inspecting of individuals’ packets in network traffic, deciding if these packets are infected with any malicious activities. This process, which is called content matching, is done via string matching algorithms. The content matching is considered the heart of NIDS...
متن کاملA Fast Pattern-Matching Algorithm for Network Intrusion Detection System
We present a multi-gigabit rate multiple pattern-matching algorithm with TCAM that enables protecting against malicious attacks in a high-speed network. The proposed algorithm significantly reduces the number of TCAM lookups per payload with m-byte jumping window scheme. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload in order ...
متن کاملOn the fly pattern matching for intrusion detection with Snort
Intrusion Detection Systems are becoming necessary tools for system administrators to protect their network. However they find more and more difficulties with high speed networks. To enhance their capacity and deal with evasion techniques, frequently used by hackers, we have introduced a new method to filter the network traffic. The detection method, while being stateful, processes each packet ...
متن کاملAn iterative pattern mapping for parallel string matching architecture in intrusion detection systems
This paper proposes an algorithm that maps target patterns onto parallel string matching architectures in intrusion detection systems (IDS). In the proposed iterative pattern mapping, the sets of patterns that are mapped onto string matchers are sorted in ascending order of the average pattern length in each turn. By mapping a set of patterns for a string matcher onto the other string matchers ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEICE Electronics Express
سال: 2012
ISSN: 1349-2543
DOI: 10.1587/elex.9.1467