A memory-efficient parallel string matching architecture for high-speed intrusion detection

Cited by: 35
Authors
Lu, Hongbin [1]
Zheng, Kai
Liu, Bin
Zhang, Xin
Liu, Yunhao
Affiliations
[1] Tsinghua Univ, Dept Comp Sci & Technol, Beijing 100084, Peoples R China
[2] Hong Kong Univ Sci & Technol, Kowloon, Hong Kong, Peoples R China
Funding
National Natural Science Foundation of China; Specialized Research Fund for the Doctoral Program of Higher Education;
Keywords
computer network security; finite automata; parallel processing; site security monitoring; string matching;
DOI
10.1109/JSAC.2006.877221
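Chinese Library Classification number
TM [Electrical engineering]; TN [Electronics and communication technology];
Discipline classification code
0808; 0809;
Abstract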
The ability to inspect both packet headers and payloads to identify attack signatures makes network intrusion detection system (NIDS) a promising approach to protect Internet systems. Since most of the known attacks can be represented with strings or combinations of multiple substrings, string matching is a key component, as well as the bottleneck in NIDS to address the requirement of constantly increasing capacity. We propose a memory-efficient multiple-character-approaching architecture consisting of multiple parallel deterministic finite automata (DFAs), called TDP-DFA. By employing efficient representations for the transition rules in each DFA, TDP-DFA significantly reduces the complexity. We also present a novel scheme to share the storage of transition rules among multiple DFAs, substantially decreasing the total storage cost, and avoiding the cost increase being proportional to the number of DFAs. We evaluate this design through theoretical analysis and comprehensive experiments. Results show that TDP-DFA is able to meet the critical requirement of OC-768 wirespeed processing, as well as constituting a promising way for scaling up to cope with throughput over 100 Gb/s in the future.
Pages: 1793 / 1804
Number of pages: 12
Related papers
50 in total
  • [1] A Memory-Efficient Parallel String Matching for Intrusion Detection Systems
    Kim, HyunJin
    Hong, Hyejeong
    Kim, Hong-Sik
    Kang, Sungho
    [J]. IEEE COMMUNICATIONS LETTERS, 2009, 13 (12) : 1004 - 1006
  • [2] High-Speed Memory-Efficient Network Intrusion Detection System
    Lin, Wei
    Wang, XiaoFei
    Qi, YaXuan
    Pao, Derek
    Liu, Bin
    [J]. IEEE INFOCOM 2009 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS WORKSHOPS, 2009, : 359 - +
  • [3] Deterministic memory-efficient string matching algorithms for intrusion detection
    Tuck, N
    Sherwood, T
    Calder, B
    Varghese, G
    [J]. IEEE INFOCOM 2004: THE CONFERENCE ON COMPUTER COMMUNICATIONS, VOLS 1-4, PROCEEDINGS, 2004, : 2628 - 2639
  • [4] High-speed string matching for network intrusion detection
    Soewito, Benfano
    Mahajan, Atul
    Weng, Ning
    Wang, Haibo
    [J]. INTERNATIONAL JOURNAL OF COMMUNICATION NETWORKS AND DISTRIBUTED SYSTEMS, 2009, 3 (04) : 319 - 339
  • [5] Memory-Efficient Content Filtering Hardware for High-Speed Intrusion Detection Systems
    Yi, Sungwon
    Kim, Byoung-Koo
    Oh, Jintae
    Jang, Jongsoo
    Kesidis, George
    Das, Chita R.
    [J]. APPLIED COMPUTING 2007, VOL 1 AND 2, 2007, : 264 - +
  • [6] A Time- and Memory-Efficient String Matching Algorithm for Intrusion Detection Systems
    Sheu, Tzu-Fang
    Huang, Nen-Fu
    Lee, Hsiao-Ping
    [J]. GLOBECOM 2006 - 2006 IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, 2006,
  • [7] A Memory-Efficient Bit-Split Parallel String Matching Using Pattern Dividing for Intrusion Detection Systems
    Kim, Hyun Jin
    Kim, Hong-Sik
    Kang, Sungho
    [J]. IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, 2011, 22 (11) : 1904 - 1911
  • [8] A Parallel Architecture for Stateful, High-Speed Intrusion Detection
    Foschini, Luca
    Thapliyal, Ashish V.
    Cavallaro, Lorenzo
    Kruegel, Christopher
    Vigna, Giovanni
    [J]. INFORMATION SYSTEMS SECURITY, PROCEEDINGS, 2008, 5352 : 203 - 220
  • [9] Memory-Efficient String Matching for Intrusion Detection Systems using a High-Precision Pattern Grouping Algorithm
    Vakili, Shervin
    Langlois, J. M. Pierre
    Boughzala, Bochra
    Savaria, Yvon
    [J]. PROCEEDINGS OF THE 2016 SYMPOSIUM ON ARCHITECTURES FOR NETWORKING AND COMMUNICATIONS SYSTEMS (ANCS'16), 2016, : 37 - 42
  • [10] Piranha: Fast and memory-efficient pattern matching for intrusion detection
    Antonatos, S
    Polychronakis, M
    Akritidis, P
    Anagnostakis, KG
    Markatos, EP
    [J]. SECURITY AND PRIVACY IN THE AGE OF UBIQUITOUS COMPUTING, 2005, 181 : 393 - 408