Protomatching network traffic for high throughputnetwork intrusion detection
Proceedings of the 13th ACM conference on Computer and communications security
An intrusion detection sensor for the NetVM virtual processor
ICOIN'09 Proceedings of the 23rd international conference on Information Networking
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
CompactDFA: generic state machine compression for scalable pattern matching
INFOCOM'10 Proceedings of the 29th conference on Information communications
| Hi-index | 0.00 |
Network Intrusion Detection Systems (NIDS) are oneof the latest developments in security. The matching ofpacket strings against collected signatures dominatessignature-based NIDS performance. This work presentsFNP2, an efficient pattern-matching engine designed forNetwork Processor platform which conducts matchingsets of patterns in parallel. This work shows thatcombining our string matching methodology, hashingengine supported by most Network Processors, andcharacteristics of current Snort signatures frequentlyimproves performance and reduces number of memoryaccesses compared to current NIDS pattern matchingalgorithms. Another contribution is to highlight that,besides total number of searching patterns, shortestpattern length is also a major influence on NIDS multi-patternmatching algorithm performance.