Abstract
The growing number of rules used in pattern-matching-based Network Intrusion Detection Systems (NIDS) degrades their performance. An efficient algorithm (Multi-AC) for packet pre-filtering is proposed to improve the performance of both packet pre-filtering and the NIDS. By building multilevel AC finite automata, it reduces the number of rules that are candidates for a full match. Experiments based on Snort show that the number of rules can be reduced to 11%-14% by using the Multi-AC algorithm.
Copyright information
© 2012 Springer-Verlag GmbH Berlin Heidelberg
About this chapter
Cite this chapter
Qiuxi, Z., Hui, W., Peidai, X., Cheng, C. (2012). An Efficient Packet Pre-filtering Algorithm for NIDS. In: Qian, Z., Cao, L., Su, W., Wang, T., Yang, H. (eds) Recent Advances in Computer Science and Information Engineering. Lecture Notes in Electrical Engineering, vol 126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25766-7_16
DOI: https://doi.org/10.1007/978-3-642-25766-7_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25765-0
Online ISBN: 978-3-642-25766-7
eBook Packages: Engineering, Engineering (R0)