TY - GEN
T1 - Optimization of pattern matching algorithm for memory based architecture
AU - Lin, Cheng Hung
AU - Tai, Yu Tang
AU - Chang, Shih Chieh
PY - 2007
Y1 - 2007
N2 - Due to the advantages of easy re-configurability and scalability, the memory-based string matching architecture is widely adopted by network intrusion detection systems (NIDS). In order to accommodate the increasing number of attack patterns and meet the throughput requirement of networks, a successful NIDS system must have a memory-efficient pattern-matching algorithm and hardware design. In this paper, we propose a memory-efficient pattern-matching algorithm which can significantly reduce the memory requirement. For total Snort string patterns, the new algorithm achieves 29% of memory reduction compared with the traditional Aho-Corasick algorithm [5]. Moreover, since our approach is orthogonal to other memory reduction approaches, we can obtain substantial gain even after applying the existing state-of-the-art algorithms. For example, after applying the bit-split algorithm [9], we can still gain an additional 22% of memory reduction.
AB - Due to the advantages of easy re-configurability and scalability, the memory-based string matching architecture is widely adopted by network intrusion detection systems (NIDS). In order to accommodate the increasing number of attack patterns and meet the throughput requirement of networks, a successful NIDS system must have a memory-efficient pattern-matching algorithm and hardware design. In this paper, we propose a memory-efficient pattern-matching algorithm which can significantly reduce the memory requirement. For total Snort string patterns, the new algorithm achieves 29% of memory reduction compared with the traditional Aho-Corasick algorithm [5]. Moreover, since our approach is orthogonal to other memory reduction approaches, we can obtain substantial gain even after applying the existing state-of-the-art algorithms. For example, after applying the bit-split algorithm [9], we can still gain an additional 22% of memory reduction.
KW - DFA
KW - intrusion detection
KW - pattern matching
UR - http://www.scopus.com/inward/record.url?scp=70349728018&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70349728018&partnerID=8YFLogxK
U2 - 10.1145/1323548.1323551
DO - 10.1145/1323548.1323551
M3 - Conference contribution
AN - SCOPUS:70349728018
SN - 9781595939456
T3 - ANCS'07 - Proceedings of the 2007 ACM Symposium on Architecture for Networking and Communications
SP - 11
EP - 16
BT - ANCS'07 - Proceedings of the 2007 ACM Symposium on Architecture for Networking and Communications
T2 - 3rd ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2007
Y2 - 3 December 2007 through 4 December 2007
ER -