A High-speed Pattern Matching Acceleration System for Network Intrusion Prevention Systems 


Vol. 12,  No. 2, pp. 87-94, Apr.  2005
10.3745/KIPSTA.2005.12.2.87


PDF
  Abstract

Pattern matching is one of critical parts of Network Intrusion Prevention Systems (NIPS) and computationally intensive. To handle a large number of attack signature patterns increasing everyday, a network intrusion prevention system requires a multi pattern matching method that can meet the line speed of packet transfer. In this paper, we analyze Snort, a widely used open source network intrusion prevention/detection system, and its pattern matching characteristics. A multi pattern matching method for NIPS should efficiently handle a large number of patterns with a wide range of pattern lengths and case insensitive patterns matches. It should also be able to process multiple input characters in parallel. We propose a multi pattern matching hardware accelerator based on Shift-OR pattern matching algorithm. We evaluate the performance of the pattern matching accelerator under various assumptions. The performance evaluation shows that the pattern matching accelerator can be more than 80 times faster than the fastest software multi-matching method used in Snort.

  Statistics
  Cite this article

[IEEE Style]

S. I. Kim, "A High-speed Pattern Matching Acceleration System for Network Intrusion Prevention Systems," The KIPS Transactions:PartA, vol. 12, no. 2, pp. 87-94, 2005. DOI: 10.3745/KIPSTA.2005.12.2.87.

[ACM Style]

Sun Il Kim. 2005. A High-speed Pattern Matching Acceleration System for Network Intrusion Prevention Systems. The KIPS Transactions:PartA, 12, 2, (2005), 87-94. DOI: 10.3745/KIPSTA.2005.12.2.87.

Forms

Search
(IN TITLE, AUTHOR, ABSTRACT,KEYWORDS)

Advanced Search

POPULAR KEYWORDS
(TOP 10 KEYWORDS)

Recent Publications
(LAST 3 YEARS)

Old Journals

Indexing

All publications of TKIPS is indexed in DOI, EBSCO, Google Scholar, Crossref, and CrossCheck.

TKIPS is also selected as the Journal for Accreditation by NRF (National Research Foundation of Korea).

Related Journals