Software—Practice & Experience
String searching algorithms
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
A fast string searching algorithm
Communications of the ACM
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Stateful Intrusion Detection for High-Speed Networks
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Snort 2.0 Intrusion Detection
Fast Content-Based Packet Handling for Intrusion Detection
Fast Content-Based Packet Handling for Intrusion Detection
Exploiting Reconfigurable Hardware for Network Security
FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Generating realistic workloads for network intrusion detection systems
WOSP '04 Proceedings of the 4th international workshop on Software and performance
A fast string-matching algorithm for network processor-based intrusion detection system
ACM Transactions on Embedded Computing Systems (TECS)
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Network intrusion detection: Evaluating cluster, discriminant, and logit analysis
Information Sciences: an International Journal
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A hybrid machine learning approach to network anomaly detection
Information Sciences: an International Journal
An Automatically Tuning Intrusion Detection System
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Fast and Scalable Pattern Matching for Network Intrusion Detection Systems
IEEE Journal on Selected Areas in Communications
A Memory-Efficient Parallel String Matching Architecture for High-Speed Intrusion Detection
IEEE Journal on Selected Areas in Communications
Information Sciences: an International Journal
Exact online two-dimensional pattern matching using multiple pattern matching algorithms
Journal of Experimental Algorithmics (JEA)
| Hi-index | 0.07 |
Inspection engines that can inspect network content for application-layer information are urgently required. In-depth packet inspection engines, which search the whole packet payload, can identify the interested packets that contain certain patterns. Network equipment then utilizes the searching results from the inspection engines for application-oriented management. The most important technology for fast packet inspection is an efficient multi-pattern matching algorithm to perform exact string matching between packets and a large set of patterns. This paper proposes a novel hierarchical multi-pattern matching algorithm (HMA) for packet inspection. HMA builds hierarchical index tables from the most frequent common-codes, and efficiently reduces the amount of external memory accesses and memory space by two-tier and cluster-wise matching. Analysis and simulation results reveal that HMA performs much better than state-of-the-art matching algorithms. In particular, HMA can update patterns incrementally, thus creating a reliable network system.