Balanced Indexing Method for Efficient Intrusion Detection Systems

  • BooJoong Kang
  • Hye Seon Kim
  • Ji Su Yang
  • Eul Gyu Im
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7839)


To protect a network from malicious activities, intrusion detection systems can be used. Most of intrusion detection systems examine incoming packets with detection signatures to detect potential malicious packets. Because the portion of malicious packets is usually very small, it is not efficient to examine incoming packets with all signatures. In this paper, we propose a method that reduces the number of signatures to be examined and show the experimental results of our proposed method.


Network Security Pattern Matching Intrusion Detection System Indexing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Tuck, N., Sherwood, T., Calder, B., Varghese, G.: Deterministic Memory-Efficient String Matching Algorithms for Intrusion Detection. In: IEEE INFOCOM (2004)Google Scholar
  2. 2.
    Tan, L., Sherwood, T.: A High Throughput String Matching Architecture for Intrusion Detection and Prevention. In: Proceedings of the 32nd Annual International Symposium on Computer Architecture (2005)Google Scholar
  3. 3.
    Song, T., Zhang, W., Wang, D., Xue, Y.: A Memory Efficient Multiple Pattern Matching Architecture for Network Security. In: IEEE INFOCOM (2008)Google Scholar
  4. 4.
    Yu, F., Chen, Z., Diao, Y., Lakshman, T.V., Katz, R.H.: Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection. In: 2nd ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS) (2006)Google Scholar
  5. 5.
    Kastil, J., Korenek, J., Lengal, O.: Methodology for Fast Pattern Matching by Deterministic Finite Automaton with perfect Hashing. In: IEEE 12th Euromicro Conference on Digital System Design, Architectures, Methods and Tools (2009)Google Scholar
  6. 6.
    Bispo, J., Sourdis, I., Cardoso, J.M.P., Vassiliadis, S.: Regular Expression Matching for Reconfigurable Packet Inspection. In: IEEE International Conference on Field Programmable Technology (2006)Google Scholar
  7. 7.
    Baker, Z.K., Prasanna, V.K.: A Methodology for Synthesis of Efficient Intrusion Detection System on FPGAs. In: IEEE FCCM (2004)Google Scholar
  8. 8.
    Sourdis, I., Dimopoulos, V., Pnevmatikatos, D., Vassiliadis, S.: Packet pre-filtering for network intrusion detection. In: 2nd ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pp. 183–192 (2006)Google Scholar
  9. 9.
    Chen, H., Summerville, D.H., Chen, Y.: Two-stage Decomposition of SNORT Rules towards Efficient Hardware Implementation. In: Design of Reliable Communication Networks (DRCN), pp. 359–366 (2009)Google Scholar
  10. 10.
    Kang, B., Kim, H.S., Yang, J.S., Im, E.G.: Rule Indexing for Efficient Intrusion Detection Systems. In: Jung, S., Yung, M. (eds.) WISA 2011. LNCS, vol. 7115, pp. 136–141. Springer, Heidelberg (2012)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • BooJoong Kang
    • 1
  • Hye Seon Kim
    • 1
  • Ji Su Yang
    • 1
  • Eul Gyu Im
    • 2
  1. 1.Department of Electronics and Computer EngineeringHanyang UniversitySeoulKorea
  2. 2.Division of Computer Science and EngineeringHanyang UniversitySeoulKorea

Personalised recommendations