Fast multi-pattern matching algorithm for intrusion detection

• Information security • Previous Articles Next Articles

Fast multi-pattern matching algorithm for intrusion detection

Received:2007-07-16 Revised:2007-09-05 Online:2008-01-01 Published:2008-01-01
Contact: Chao-Qin GAO

一种面向入侵检测的快速多模式匹配算法

高朝勤陈元琰李梅

广西师范大学计算机科学与信息工程学院广西师范大学计算机科学与信息工程学院广西师范大学计算机科学与信息工程学院

通讯作者: 高朝勤

Abstract

Abstract: With network speed and the number of rules constantly increasing, pattern matching is becoming the bottleneck in Network Intrusion Detection System （NIDS）. This paper proposed a fast Wu-Manber-like multi-pattern matching algorithm for intrusion detection, called FWM. By subdividing the pattern group into two subgroups and dealing with the two subgroups in different methods, the FWM algorithm enhanced the efficiency of pattern matching. Experimental results show that, when pattern group contains the pattern that is less than three bytes, the FWM algorithm improves average performance by 29%~44% compared to the original NIDS pattern matching algorithm.

Key words: intrusion detection system, Wu-Manber algorithm, network security, multi-pattern matching

摘要： 随着网络速度和入侵检测规则的持续增长，模式匹配正在成为网络入侵检测系统的性能瓶颈。提出了一种新的Wu-Manber类型的模式匹配算法，通过将模式分组，对不同子模式组采用不同匹配方法，显著提高了模式匹配的效率。对比实验表明，当模式组中含有长度小于3的模式时，新算法性能比原算法平均提高了29%~44%。

关键词: 入侵检测系统, Wu-Manber算法, 网络安全, 多模式匹配

Chao-Qin GAO Yuan-Yan CHEN Mei LI. Fast multi-pattern matching algorithm for intrusion detection[J]. Journal of Computer Applications.

高朝勤陈元琰李梅. 一种面向入侵检测的快速多模式匹配算法[J]. 计算机应用.

[1]	WANG Yue, JIANG Yiming, LAN Julong. Intrusion detection based on improved triplet network and K-nearest neighbor algorithm [J]. Journal of Computer Applications, 2021, 41(7): 1996-2002.
[2]	ZHANG Quanlong, WANG Huaibin. Intrusion detection model based on combination of dilated convolution and gated recurrent unit [J]. Journal of Computer Applications, 2021, 41(5): 1372-1377.
[3]	TANG Yanqiang, LI Chenghai, SONG Yafei. Network security situation prediction based on improved particle swarm optimization and extreme learning machine [J]. Journal of Computer Applications, 2021, 41(3): 768-773.
[4]	HANG Mengxin, CHEN Wei, ZHANG Renjie. Abnormal flow detection based on improved one-dimensional convolutional neural network [J]. Journal of Computer Applications, 2021, 41(2): 433-440.
[5]	CHENG Xiaohui, NIU Tong, WANG Yanjun. Wireless sensor network intrusion detection system based on sequence model [J]. Journal of Computer Applications, 2020, 40(6): 1680-1684.
[6]	CHI Yaping, MO Chongwei, YANG Yintan, CHEN Chunxia. Design and implementation of intrusion detection model for software defined network architecture [J]. Journal of Computer Applications, 2020, 40(1): 116-122.
[7]	WANG Jiaxin, FENG Yi, YOU Rui. Network security measurment based on dependency relationship graph and common vulnerability scoring system [J]. Journal of Computer Applications, 2019, 39(6): 1719-1727.
[8]	DU Junxiong, CHEN Wei, LI Xueyan. Contextual authentication method based on device fingerprint of Internet of Things [J]. Journal of Computer Applications, 2019, 39(2): 464-469.
[9]	GUO Fangfang, CHAO Luomeng, ZHU Jianwen. Multi-source data parallel preprocessing method based on similar connection [J]. Journal of Computer Applications, 2019, 39(1): 57-60.
[10]	XIE Lixia, WANG Zhihua. Network security situation assessment method based on cuckoo search optimized back propagation neural network [J]. Journal of Computer Applications, 2017, 37(7): 1926-1930.
[11]	LI Fangwei, LI Qi, ZHU Jiang. Improved method of situation assessment method based on hidden Markov model [J]. Journal of Computer Applications, 2017, 37(5): 1331-1334.
[12]	ZHAO Dongmei, LI Hong. Approach to network security situational element extraction based on parallel reduction [J]. Journal of Computer Applications, 2017, 37(4): 1008-1013.
[13]	ZHU Jiang, MING Yue, WANG Sen. Mechanism of security situation element acquisition based on deep auto-encoder network [J]. Journal of Computer Applications, 2017, 37(3): 771-776.
[14]	YANG Jianxi, DAI Chuping, JIANG Tingting, DING Zhengguang. 4G indoor physical layer authentication algorithm based on support vector machine [J]. Journal of Computer Applications, 2016, 36(11): 3103-3107.
[15]	LI Jie, ZHANG Zhaowei. Network security situation prediction method based on harmony search algorithm and relevance vector machine [J]. Journal of Computer Applications, 2016, 36(1): 199-202.