High Speed Pattern Matching for Network IDS/IPS

14 years 16 days ago
High Speed Pattern Matching for Network IDS/IPS
— The phenomenal growth of the Internet in the last decade and society’s increasing dependence on it has brought along, a flood of security attacks on the networking and computing infrastructure. Intrusion detection/prevention systems provide defenses against these attacks by monitoring headers and payload of packets flowing through the network. Multiple string matching that can compare hundreds of string patterns simultaneously is a critical component of these systems, and is a well-studied problem. Most of the string matching solutions today are based on the classic Aho-Corasick algorithm, which has an inherent limitation; they can process only one input character in one cycle. As memory speed is not growing at the same pace as network speed, this limitation has become a bottleneck in the current network, having speeds of tens of gigabits per second. In this paper, we propose a novel multiple string matching algorithm that can process multiple characters at a time thus achievin...
Mansoor Alicherry, Muthusrinivasan Muthuprasanna,
Added 11 Jun 2010
Updated 11 Jun 2010
Type Conference
Year 2006
Where ICNP
Authors Mansoor Alicherry, Muthusrinivasan Muthuprasanna, Vijay Kumar
Comments (0)