Issue No.11 - November (2011 vol.22)
pp: 1904-1911
Hyun Jin Kim, Yonsei University, Seoul
Hong-Sik Kim, Yonsei University, Seoul
Sungho Kang, Yonsei University, Seoul
ABSTRACT
This paper proposes a memory-efficient parallel string matching scheme for low-cost hardware-based intrusion detection systems. To reduce the number of state transitions, the finite state machine tiles in a string matcher adopt bit-level input symbols. Long target patterns are divided into subpatterns of a fixed length, and deterministic finite automata are built from the subpatterns. Dividing the patterns mitigates the variety of target pattern lengths, so that memory is used efficiently in homogeneous string matchers. To identify each original long pattern that has been divided, a two-stage sequential matching scheme is proposed for the successive matches with subpatterns. Experimental results show that total memory requirements decrease on average by 47.8 percent and 62.8 percent for Snort and ClamAV rule sets, in comparison with several existing bit-split string matching methods.
INDEX TERMS
Computer network security, finite state machines, site security monitoring, string matching.
CITATION
Hyun Jin Kim, Hong-Sik Kim, Sungho Kang, "A Memory-Efficient Bit-Split Parallel String Matching Using Pattern Dividing for Intrusion Detection Systems", IEEE Transactions on Parallel & Distributed Systems, vol.22, no. 11, pp. 1904-1911, November 2011, doi:10.1109/TPDS.2011.85