ETRI-Knowledge Sharing Plaform

ENGLISH

성과물

논문 검색
구분 SCI
연도 ~ 키워드

상세정보

학술대회 Processing of Multi-pattern Signature in Intrusion Detection System with Content Processor
Cited 1 time in scopus Download 0 time Share share facebook twitter linkedin kakaostory
저자
김영호, 정보흥, 임재덕, 김기영
발행일
200712
출처
International Conference on Information, Communications and Signal Processing (ICICS) 2007, pp.1-4
DOI
https://dx.doi.org/10.1109/ICICS.2007.4449753
협약과제
07MK2300, 복합단말용 침해방지 기술개발, 김기영
초록
Content processor refers to the hardware accelerator for pattern matching which is essential for network security appliances such as intrusion detection system. With the deployment of high-speed network, its use has been increased to detect malicious attacks in the packet stream in real time. In this paper we introduce an efficient algorithm for content processor to perform multi-pattern signature matching. The proposed algorithm uses software bitmap for each multi-pattern signature without hardware changes, which maximizes flexibility of content processor. From the analysis of Snort which is the widely used intrusion detection system, we observe spatial locality between distances of patterns in the multi-pattern signature. The algorithm makes use of this distance information for adaptive performance optimization. Our techniques show that content processor can be used for multi-pattern processing in intrusion detection systems without hardware modification with reasonable performance. ©2007 IEEE.
키워드
Content processor, Intrusion detection system, Multi-pattern, Snort
KSP 제안 키워드
Adaptive performance, Content Processor, Efficient algorithms, Hardware accelerator, High speed network, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Pattern signature, Performance Optimization, Real-Time, Spatial locality