Approximate Packet Pre-filtering to Accelerate Pattern Matching

Authors

  • Benfano Soewito
  • Ning Weng
Abstract

An intrusion detection system is a promising technique to improve Internet security. A daunting challenge in the design of this system is the requirement of simultaneous matching of hundreds to thousands of attack patterns at full wire speed. This paper presents a novel scheme to accelerate pattern matching by adding a prefilter to the exact pattern matching engines. This prefilter serves as a fast path for the majority of incoming packets, which dramatically reduces the workload of the exact pattern matching engines. Our prefilter checks each packet based on its header and content. To reduce matching complexity, the prefilter uses a much smaller set of representatives than the set of patterns. Our prefilter is false negative free, with a possible false positive rate, which can be reduced by increasing the representative length. Experimental results show that our prefilter has improved system throughput on the order of 100 times.


Similar resources

Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unit

Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...


Automatic protocol signature generation framework for deep packet inspection

We present an automatic application protocol signature generating framework for Deep Packet Inspection (DPI) techniques with performance evaluation. We propose to utilize algorithms from the field of bioinformatics. We also present preprocessing methods to accelerate our system. Moreover, we developed several postprocessing techniques to refine the accuracy of the results. Finally, we propose a...


Approximate Pattern Matching Over the Burrows-Wheeler Transformed Text

The compressed pattern matching problem is to locate the occurrence(s) of a pattern P in a text string T using a compressed representation of T, with minimal (or no) decompression. In this paper, we consider approximate pattern matching directly on Burrows-Wheeler transformed (BWT) text which is a critical step for a fully compressed pattern matching algorithm on a BWT based compression algorit...


Filtering Obfuscated Email Spam by means of Phonetic String Matching

Rule-based email filters mainly rely on the occurrence of critical words to classify spam messages. However, perceptive obfuscation techniques can be used to elude exact pattern matching. In this paper we propose a new technique for filtering obfuscated email spam that performs approximate pattern matching both on the original message and on its phonetic transcription.



Publication date: 2008