상세정보
학술대회
Processing of Multi-pattern Signature in Intrusion Detection System with Content Processor
- 발행일
- 200712
- 출처
- International Conference on Information, Communications and Signal Processing (ICICS) 2007, pp.1-4
- 협약과제
- 07MK2300, 복합단말용 침해방지 기술개발, 김기영
- 초록
- Content processor refers to the hardware accelerator for pattern matching which is essential for network security appliances such as intrusion detection system. With the deployment of high-speed network, its use has been increased to detect malicious attacks in the packet stream in real time. In this paper we introduce an efficient algorithm for content processor to perform multi-pattern signature matching. The proposed algorithm uses software bitmap for each multi-pattern signature without hardware changes, which maximizes flexibility of content processor. From the analysis of Snort which is the widely used intrusion detection system, we observe spatial locality between distances of patterns in the multi-pattern signature. The algorithm makes use of this distance information for adaptive performance optimization. Our techniques show that content processor can be used for multi-pattern processing in intrusion detection systems without hardware modification with reasonable performance. ©2007 IEEE.
- KSP 제안 키워드
- Adaptive performance, Content Processor, Efficient algorithms, Hardware accelerator, High speed network, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Pattern signature, Performance Optimization, Real-Time, Spatial locality