TY - JOUR
T1 - Variable length pattern matching for hardware network intrusion detection system
AU - Xue, Chun Jason
AU - Liu, Meilin
AU - Zhuge, Qingfeng
AU - Sha, Edwin Hsing-Mean
PY - 2010/4
Y1 - 2010/4
N2 - With the wide adoption of internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stopping malicious attacks at the source and preventing viruses and worms from spreading widely. The key component in a successful network intrusion detection system is a high-performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware-based network intrusion detection system that can handle variable pattern length efficiently and effectively. Pattern matching for a packet is completed in O(N log M) time where N is the size of the packet and M is the longest pattern length. Implementation is done on a standard off-the-shelf field-programmable gate array. Comparison with the other techniques shows promising results. © 2008 Springer Science+Business Media, LLC.
AB - With the wide adoption of internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stopping malicious attacks at the source and preventing viruses and worms from spreading widely. The key component in a successful network intrusion detection system is a high-performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware-based network intrusion detection system that can handle variable pattern length efficiently and effectively. Pattern matching for a packet is completed in O(N log M) time where N is the size of the packet and M is the longest pattern length. Implementation is done on a standard off-the-shelf field-programmable gate array. Comparison with the other techniques shows promising results. © 2008 Springer Science+Business Media, LLC.
KW - Intrusion detection
KW - Parallel system
UR - http://www.scopus.com/inward/record.url?scp=77951255340&partnerID=8YFLogxK
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-77951255340&origin=recordpage
U2 - 10.1007/s11265-008-0279-2
DO - 10.1007/s11265-008-0279-2
M3 - RGC 21 - Publication in refereed journal
SN - 1939-8018
VL - 59
SP - 85
EP - 93
JO - Journal of Signal Processing Systems
JF - Journal of Signal Processing Systems
IS - 1
ER -