A Memory-Efficient Bit-Split Parallel String Matching Using Pattern Dividing for Intrusion Detection Systems
Issue No.11 - November (2011 vol.22)
Hyun Jin Kim , Yonsei University, Seoul
Hong-Sik Kim , Yonsei University, Seoul
Sungho Kang , Yonsei University, Seoul
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TPDS.2011.85
For the low-cost hardware-based intrusion detection systems, this paper proposes a memory-efficient parallel string matching scheme. In order to reduce the number of state transitions, the finite state machine tiles in a string matcher adopt bit-level input symbols. Long target patterns are divided into subpatterns with a fixed length; deterministic finite automata are built with the subpatterns. Using the pattern dividing, the variety of target pattern lengths can be mitigated, so that memory usage in homogeneous string matchers can be efficient. In order to identify each original long pattern being divided, a two-stage sequential matching scheme is proposed for the successive matches with subpatterns. Experimental results show that total memory requirements decrease on average by 47.8 percent and 62.8 percent for Snort and ClamAV rule sets, in comparison with several existing bit-split string matching methods.
Computer network security, finite state machines, site security monitoring, string matching.
Hyun Jin Kim, Hong-Sik Kim, Sungho Kang, "A Memory-Efficient Bit-Split Parallel String Matching Using Pattern Dividing for Intrusion Detection Systems", IEEE Transactions on Parallel & Distributed Systems, vol.22, no. 11, pp. 1904-1911, November 2011, doi:10.1109/TPDS.2011.85