BROWSE
Detail
Conference Paper
Processing of Multi-pattern Signature in Intrusion Detection System with Content Processor
Cited 1 time in 
Share 
Share
- Authors
- Young-Ho Kim, Bo-Heung Jung, Jae-Deok Lim, Ki-Young Kim
- Issue Date
- 2007-12
- Citation
- International Conference on Information, Communications and Signal Processing (ICICS) 2007, pp.1-4
- Language
- English
- Type
- Conference Paper
- Abstract
- Content processor refers to the hardware accelerator for pattern matching which is essential for network security appliances such as intrusion detection system. With the deployment of high-speed network, its use has been increased to detect malicious attacks in the packet stream in real time. In this paper we introduce an efficient algorithm for content processor to perform multi-pattern signature matching. The proposed algorithm uses software bitmap for each multi-pattern signature without hardware changes, which maximizes flexibility of content processor. From the analysis of Snort which is the widely used intrusion detection system, we observe spatial locality between distances of patterns in the multi-pattern signature. The algorithm makes use of this distance information for adaptive performance optimization. Our techniques show that content processor can be used for multi-pattern processing in intrusion detection systems without hardware modification with reasonable performance. ©2007 IEEE.
- KSP Keywords
- Adaptive performance, Content Processor, Efficient algorithms, Hardware accelerator, High speed network, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Pattern signature, Performance Optimization, Real-Time, Spatial locality