
Rule Indexing for Efficient Intrusion Detection Systems

  • Conference paper
Information Security Applications (WISA 2011)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7115)

Abstract

As the use of the Internet has increased tremendously, the network traffic involved in malicious activities has also grown significantly. To detect and classify such malicious activities, Snort, the open-source network intrusion detection system, is widely used. Snort examines each incoming packet against all Snort rules to detect potentially malicious packets. Because the proportion of malicious packets is usually small, examining every incoming packet against all Snort rules is inefficient. In this paper, we apply two indexing methods to Snort rules, Prefix Indexing and Random Indexing, to reduce the number of rules that must be examined per packet. We also present experimental results for the indexing methods.
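To make the idea of rule indexing concrete, the following added example (not the paper's code or algorithm) keys a small set of constructed Snort rules by the leading bytes of their first `content:` pattern, so that a packet payload is fully evaluated only against rules whose key occurs in it; the k=4 prefix length and the interpretation of "Prefix Indexing" as keying on the first content pattern are assumptions, not taken from the abstract.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from the paper); each carries one or more content: options.
RULES = [
    'alert tcp any any -> any 80 (msg:"cmd.exe access"; content:"cmd.exe"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"directory traversal"; content:"../.."; sid:1000002;)',
    'alert tcp any any -> any 21 (msg:"ftp root login"; content:"USER root"; sid:1000003;)',
    'alert tcp any any -> any any (msg:"nop sled"; content:"|90 90 90 90|"; sid:1000004;)',
    'alert tcp any any -> any 80 (msg:"admin path"; content:"GET "; content:"/admin"; sid:1000005;)',
]
CONTENT_RE = re.compile(r'content:"([^"]*)"')
SID_RE = re.compile(r'sid:(\d+);')

def decode_content(text):
    """Turn a Snort content string into bytes; runs between | | are hex bytes."""
    out = bytearray()
    for i, part in enumerate(text.split('|')):
        out += bytes.fromhex(part) if i % 2 else part.encode('latin-1')
    return bytes(out)

def parse_rules(rules):
    """Return [(sid, [content bytes, ...]), ...] in rule order."""
    return [(int(SID_RE.search(r).group(1)),
             [decode_content(c) for c in CONTENT_RE.findall(r)]) for r in rules]

def build_prefix_index(parsed, k=4):
    """Key every rule by the first k bytes of its first content pattern (assumed scheme)."""
    index = defaultdict(list)
    for sid, contents in parsed:
        index[contents[0][:k]].append((sid, contents))
    return index

def match_indexed(index, payload):
    """Look up only rules whose prefix key occurs in the payload, then evaluate those fully.
    Returns (sorted matched sids, number of rules fully evaluated)."""
    key_lens = {len(key) for key in index}
    windows = {payload[i:i + n] for n in key_lens for i in range(len(payload) - n + 1)}
    candidates = [rule for key in windows for rule in index.get(key, [])]
    matched = sorted(sid for sid, contents in candidates if all(c in payload for c in contents))
    return matched, len(candidates)

def match_exhaustive(parsed, payload):
    """Baseline: evaluate every rule against the payload (the approach the abstract calls inefficient)."""
    return sorted(sid for sid, contents in parsed if all(c in payload for c in contents)), len(parsed)

if __name__ == "__main__":
    idx = build_prefix_index(parse_rules(RULES))
    print(match_indexed(idx, b"GET /admin/cmd.exe HTTP/1.0\r\n"))  # ([1000001, 1000005], 2)
```

The indexed path finds the same two rules as the exhaustive scan but fully evaluates only 2 of the 5 rules; a rule whose first content is shorter than k simply gets a shorter key, which the window lookup also covers.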



© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kang, B., Kim, H.S., Yang, J.S., Im, E.G. (2012). Rule Indexing for Efficient Intrusion Detection Systems. In: Jung, S., Yung, M. (eds) Information Security Applications. WISA 2011. Lecture Notes in Computer Science, vol 7115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27890-7_11

  • DOI: https://doi.org/10.1007/978-3-642-27890-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27889-1

  • Online ISBN: 978-3-642-27890-7

  • eBook Packages: Computer Science (R0)
