Variable length pattern matching for hardware network intrusion detection system

Chun Jason Xue; Meilin Liu; Qingfeng Zhuge; Edwin Hsing-Mean Sha

doi:10.1007/s11265-008-0279-2

Variable length pattern matching for hardware network intrusion detection system

Chun Jason Xue, Meilin Liu, Qingfeng Zhuge, Edwin Hsing-Mean Sha

Department of Computer Science

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

2 Citations (Scopus)

Abstract

With the wide adoption of internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stopping malicious attacks at the source and preventing viruses and worms from wide spreading. The key component in a successful network intrusion detection system is a high performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware based network intrusion detection system, that can handle variable pattern length efficiently and effectively. Pattern matching for a packet is completed in O(N log M) time where N is the size of the packet and M is the longest pattern length. Implementation is done on a standard off-the-shelf field-programmable gate array. Comparison with the other techniques shows promising results. © 2008 Springer Science+Business Media, LLC.

Original language	English
Pages (from-to)	85-93
Journal	Journal of Signal Processing Systems
Volume	59
Issue number	1
DOIs	https://doi.org/10.1007/s11265-008-0279-2
Publication status	Published - Apr 2010

Research Keywords

Intrusion detection
Parallel system

Access Output

10.1007/s11265-008-0279-2

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{24ca8bd5edb14410b3edd7763d96dd65,

title = "Variable length pattern matching for hardware network intrusion detection system",

abstract = "With the wide adoption of internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stopping malicious attacks at the source and preventing viruses and worms from wide spreading. The key component in a successful network intrusion detection system is a high performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware based network intrusion detection system, that can handle variable pattern length efficiently and effectively. Pattern matching for a packet is completed in O(N log M) time where N is the size of the packet and M is the longest pattern length. Implementation is done on a standard off-the-shelf field-programmable gate array. Comparison with the other techniques shows promising results. {\textcopyright} 2008 Springer Science+Business Media, LLC.",

keywords = "Intrusion detection, Parallel system",

author = "Xue, {Chun Jason} and Meilin Liu and Qingfeng Zhuge and Sha, {Edwin Hsing-Mean}",

year = "2010",

month = apr,

doi = "10.1007/s11265-008-0279-2",

language = "English",

volume = "59",

pages = "85--93",

journal = "Journal of Signal Processing Systems",

issn = "1939-8018",

publisher = "Springer New York",

number = "1",

}

TY - JOUR

T1 - Variable length pattern matching for hardware network intrusion detection system

AU - Xue, Chun Jason

AU - Liu, Meilin

AU - Zhuge, Qingfeng

AU - Sha, Edwin Hsing-Mean

PY - 2010/4

Y1 - 2010/4

N2 - With the wide adoption of internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stopping malicious attacks at the source and preventing viruses and worms from wide spreading. The key component in a successful network intrusion detection system is a high performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware based network intrusion detection system, that can handle variable pattern length efficiently and effectively. Pattern matching for a packet is completed in O(N log M) time where N is the size of the packet and M is the longest pattern length. Implementation is done on a standard off-the-shelf field-programmable gate array. Comparison with the other techniques shows promising results. © 2008 Springer Science+Business Media, LLC.

AB - With the wide adoption of internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stopping malicious attacks at the source and preventing viruses and worms from wide spreading. The key component in a successful network intrusion detection system is a high performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware based network intrusion detection system, that can handle variable pattern length efficiently and effectively. Pattern matching for a packet is completed in O(N log M) time where N is the size of the packet and M is the longest pattern length. Implementation is done on a standard off-the-shelf field-programmable gate array. Comparison with the other techniques shows promising results. © 2008 Springer Science+Business Media, LLC.

KW - Intrusion detection

KW - Parallel system

UR - http://www.scopus.com/inward/record.url?scp=77951255340&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-77951255340&origin=recordpage

U2 - 10.1007/s11265-008-0279-2

DO - 10.1007/s11265-008-0279-2

M3 - RGC 21 - Publication in refereed journal

SN - 1939-8018

VL - 59

SP - 85

EP - 93

JO - Journal of Signal Processing Systems

JF - Journal of Signal Processing Systems

IS - 1

ER -

Variable length pattern matching for hardware network intrusion detection system

Abstract

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this