A fast string searching algorithm
Communications of the ACM
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Proceedings of the conference on Design, automation and test in Europe
A String Matching Algorithm Fast on the Average
Proceedings of the 6th Colloquium, on Automata, Languages and Programming
Fast Content-Based Packet Handling for Intrusion Detection
Fast Content-Based Packet Handling for Intrusion Detection
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
A methodology for evaluating runtime support in network processors
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Journal of Systems Architecture: the EUROMICRO Journal
Resource allocation in network processors for network intrusion prevention systems
Journal of Systems and Software
DPICO: a high speed deep packet inspection engine using compact finite automata
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Implementing high-speed string matching hardware for network intrusion detection systems
Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays
Hierarchical multi-pattern matching algorithm for network content inspection
Information Sciences: an International Journal
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Fast Signature Matching Using Extended Finite Automaton (XFA)
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
High-speed string matching for network intrusion detection
International Journal of Communication Networks and Distributed Systems
Optimized memory based accelerator for scalable pattern matching
Microprocessors & Microsystems
Multi-byte Regular Expression Matching with Speculation
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Variable Length Pattern Matching for Hardware Network Intrusion Detection System
Journal of Signal Processing Systems
Parallel network intrusion detection on reconfigurable platforms
EUC'07 Proceedings of the 2007 international conference on Embedded and ubiquitous computing
Improving NFA-based signature matching using ordered binary decision diagrams
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A fast pattern matching algorithm with multi-byte search unit for high-speed network security
Computer Communications
Fast, memory-efficient regular expression matching with NFA-OBDDs
Computer Networks: The International Journal of Computer and Telecommunications Networking
MIDeA: a multi-parallel intrusion detection architecture
Proceedings of the 18th ACM conference on Computer and communications security
A high-throughput system architecture for deep packet filtering in network intrusion prevention
ARCS'06 Proceedings of the 19th international conference on Architecture of Computing Systems
Parallel optimization technology for backbone network intrusion detection system
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Pattern matching acceleration for network intrusion detection systems
SAMOS'05 Proceedings of the 5th international conference on Embedded Computer Systems: architectures, Modeling, and Simulation
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Hi-index | 0.00 |
Network intrusion detection systems (NIDSs) are one of the latest developments in security. The matching of packet strings against collected signatures dominates signature-based NIDS performance. Network processors are also one of the fastest growing segments of the semiconductor market, because they are designed to provide scalable and flexible solutions that can accommodate change quickly and economically. This work presents a fast string-matching algorithm (called FNP) over the network processor platform that conducts matching sets of patterns in parallel. This design also supports numerous practical features such as case-sensitive string matching, signature prioritization, and multiple-content signatures. This efficient multiple-pattern matching algorithm utilizes the hardware facilities provided by typical network processors instead of employing the external lookup co-processors. To verify the efficiency and practicability of the proposed algorithm, it was implemented on the Vitesse IQ2000 network processor platform. The searching patterns used in the present experiments are derived from the well-known Snort ruleset cited by most open-source and commercial NIDSs. This work shows that combining our string-matching methodology, hashing engine supported by most network processors, and characteristics of current Snort signatures frequently improves performance and reduces number of memory accesses compared to conventional string-matching algorithms. Another contribution of this work is to highlight that, besides total number of searching patterns, shortest pattern length is also a major influence on NIDS multipattern matching algorithm performance.