A fast pattern-matching algorithm for network intrusion detection system

Authors:
Jung-Sik Sung;Seok-Min Kang;Taeck-Geun Kwon
Affiliations:
ETRI, Daejeon, Korea;Chungnam National University, Daejeon, Korea;Chungnam National University, Daejeon, Korea
Venue:
NETWORKING'06 Proceedings of the 5th international IFIP-TC6 conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems
Year:
2006

Citing 5
Cited 0

Fast Content-Based Packet Handling for Intrusion Detection

Fast Content-Based Packet Handling for Intrusion Detection
High-Speed Discrete Content Sensitive Pattern Match Algorithm for Deep Packet Filtering

ICCNMC '03 Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing
Issues in High-Speed Internet Security

Computer
Gigabit Rate Packet Pattern-Matching Using TCAM

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a multi-gigabit rate multiple pattern-matching algorithm with TCAM that enables protecting against malicious attacks in a high-speed network. The proposed algorithm significantly reduces the number of TCAM lookups per payload with m-byte jumping window scheme. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload in order to inspect the content. Furthermore, multi-packet inspection is achieved easily by the extended state transition diagram with the shifting distance. With experimental results, we have clearly justified the proposed algorithm works well for a multi-gigabit network intrusion detection system.