Applying Multi-Pattern Matching Solution to Enhance the Efficiency of Intrusion Detection
Date Issued
2004
Author(s)
Chang, Min-Chieh
Abstract
A typical Network Intrusion Detection System (nIDS) is based on a set of signatures, each of which describes one known intrusion threat. An nIDS examines network traffic and determines whether any signatures indicating intrusion attempts are matched. Overall performance depends mainly on packet filtering. It is therefore important to define a practical, accurate and efficient pattern-matching methodology.
In this thesis, we use the widely adopted nIDS Snort as the experimental tool. We analyze its existing multi-pattern matching algorithms, including AC_BM and Wu_Manber, and introduce another algorithm proposed by Kim. In our improvement, we theoretically analyze the optimal balance point between memory and speed when using Kim’s algorithm. Our modified algorithm reduces memory usage and is, on average, faster than the AC_BM and Wu_Manber algorithms in the current version, Snort 2.0. Our improvement therefore enhances the overall performance of intrusion detection.
Subjects
Snort
Intrusion Detection
Multi-pattern matching
Hash table
Type
thesis
File(s)
Name
ntu-93-P90921010-1.pdf
Size
23.31 KB
Format
Adobe PDF
Checksum
(MD5):2978b8c1c51b9fa5fa2e333caa970f59
