Design and evaluation of parallel string matching algorithms for network intrusion detection systems

Tyrone Tai On Kwok; Yu Kwong Kwok

doi:10.1007/978-3-540-74784-0_35

Design and evaluation of parallel string matching algorithms for network intrusion detection systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

Network security is very important for Internet-connected hosts because of the widespread of worms, viruses, DoS attacks, etc. As a result, a network intrusion detection system (NIDS) is typically needed to detect network attacks by packet inspection. For an NIDS system, string matching is the computation-intensive task and hence the performance bottleneck, since every byte of the payload of packets must be checked against numerous predefined signature strings, which may occur arbitrarily in the payload. In this paper, we present the design and evaluation of parallel string matching algorithms targeting hardware implementation on FPGAs and software implementation on multi-core processors. Experimental results show that, on a multi-processor system, the multi-threaded implementation of the proposed parallel string matching algorithm can reduce string matching time by more than 40%.

Original language	English
Title of host publication	Network and Parallel Computing - IFIP International Conference, NPC 2007, Proceedings
Editors	Keqiu Li, Keqiu Li, Keqiu Li, Chris Jesshope, Chris Jesshope, Chris Jesshope, Hai Jin, Hai Jin, Hai Jin, Jean-Luc Gaudiot, Jean-Luc Gaudiot, Jean-Luc Gaudiot
Pages	344-353
Number of pages	10
DOIs	https://doi.org/10.1007/978-3-540-74784-0_35
Publication status	Published - 2007
Externally published	Yes
Event	2007 IFIP International Conference on Network and Parallel Computing, NPC 2007 - Dalian, China Duration: 18 Sept 2007 → 21 Sept 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4672 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	2007 IFIP International Conference on Network and Parallel Computing, NPC 2007
Country/Territory	China
City	Dalian
Period	18/09/07 → 21/09/07

Access to Document

10.1007/978-3-540-74784-0_35

Cite this

Kwok, T. T. O., & Kwok, Y. K. (2007). Design and evaluation of parallel string matching algorithms for network intrusion detection systems. In K. Li, K. Li, K. Li, C. Jesshope, C. Jesshope, C. Jesshope, H. Jin, H. Jin, H. Jin, J.-L. Gaudiot, J.-L. Gaudiot, & J.-L. Gaudiot (Eds.), Network and Parallel Computing - IFIP International Conference, NPC 2007, Proceedings (pp. 344-353). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4672 LNCS). https://doi.org/10.1007/978-3-540-74784-0_35

Kwok, Tyrone Tai On ; Kwok, Yu Kwong. / Design and evaluation of parallel string matching algorithms for network intrusion detection systems. Network and Parallel Computing - IFIP International Conference, NPC 2007, Proceedings. editor / Keqiu Li ; Keqiu Li ; Keqiu Li ; Chris Jesshope ; Chris Jesshope ; Chris Jesshope ; Hai Jin ; Hai Jin ; Hai Jin ; Jean-Luc Gaudiot ; Jean-Luc Gaudiot ; Jean-Luc Gaudiot. 2007. pp. 344-353 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5ebde8ef295f4948b47176dd96f90fdc,

title = "Design and evaluation of parallel string matching algorithms for network intrusion detection systems",

abstract = "Network security is very important for Internet-connected hosts because of the widespread of worms, viruses, DoS attacks, etc. As a result, a network intrusion detection system (NIDS) is typically needed to detect network attacks by packet inspection. For an NIDS system, string matching is the computation-intensive task and hence the performance bottleneck, since every byte of the payload of packets must be checked against numerous predefined signature strings, which may occur arbitrarily in the payload. In this paper, we present the design and evaluation of parallel string matching algorithms targeting hardware implementation on FPGAs and software implementation on multi-core processors. Experimental results show that, on a multi-processor system, the multi-threaded implementation of the proposed parallel string matching algorithm can reduce string matching time by more than 40\%.",

author = "Kwok, \{Tyrone Tai On\} and Kwok, \{Yu Kwong\}",

year = "2007",

doi = "10.1007/978-3-540-74784-0\_35",

language = "English",

isbn = "9783540747833",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "344--353",

editor = "Keqiu Li and Keqiu Li and Keqiu Li and Chris Jesshope and Chris Jesshope and Chris Jesshope and Hai Jin and Hai Jin and Hai Jin and Jean-Luc Gaudiot and Jean-Luc Gaudiot and Jean-Luc Gaudiot",

booktitle = "Network and Parallel Computing - IFIP International Conference, NPC 2007, Proceedings",

note = "2007 IFIP International Conference on Network and Parallel Computing, NPC 2007 ; Conference date: 18-09-2007 Through 21-09-2007",

}

Kwok, TTO & Kwok, YK 2007, Design and evaluation of parallel string matching algorithms for network intrusion detection systems. in K Li, K Li, K Li, C Jesshope, C Jesshope, C Jesshope, H Jin, H Jin, H Jin, J-L Gaudiot, J-L Gaudiot & J-L Gaudiot (eds), Network and Parallel Computing - IFIP International Conference, NPC 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4672 LNCS, pp. 344-353, 2007 IFIP International Conference on Network and Parallel Computing, NPC 2007, Dalian, China, 18/09/07. https://doi.org/10.1007/978-3-540-74784-0_35

Design and evaluation of parallel string matching algorithms for network intrusion detection systems. / Kwok, Tyrone Tai On ; Kwok, Yu Kwong.
Network and Parallel Computing - IFIP International Conference, NPC 2007, Proceedings. ed. / Keqiu Li; Keqiu Li; Keqiu Li; Chris Jesshope; Chris Jesshope; Chris Jesshope; Hai Jin; Hai Jin; Hai Jin; Jean-Luc Gaudiot; Jean-Luc Gaudiot; Jean-Luc Gaudiot. 2007. p. 344-353 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4672 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Design and evaluation of parallel string matching algorithms for network intrusion detection systems

AU - Kwok, Tyrone Tai On

AU - Kwok, Yu Kwong

PY - 2007

Y1 - 2007

N2 - Network security is very important for Internet-connected hosts because of the widespread of worms, viruses, DoS attacks, etc. As a result, a network intrusion detection system (NIDS) is typically needed to detect network attacks by packet inspection. For an NIDS system, string matching is the computation-intensive task and hence the performance bottleneck, since every byte of the payload of packets must be checked against numerous predefined signature strings, which may occur arbitrarily in the payload. In this paper, we present the design and evaluation of parallel string matching algorithms targeting hardware implementation on FPGAs and software implementation on multi-core processors. Experimental results show that, on a multi-processor system, the multi-threaded implementation of the proposed parallel string matching algorithm can reduce string matching time by more than 40%.

AB - Network security is very important for Internet-connected hosts because of the widespread of worms, viruses, DoS attacks, etc. As a result, a network intrusion detection system (NIDS) is typically needed to detect network attacks by packet inspection. For an NIDS system, string matching is the computation-intensive task and hence the performance bottleneck, since every byte of the payload of packets must be checked against numerous predefined signature strings, which may occur arbitrarily in the payload. In this paper, we present the design and evaluation of parallel string matching algorithms targeting hardware implementation on FPGAs and software implementation on multi-core processors. Experimental results show that, on a multi-processor system, the multi-threaded implementation of the proposed parallel string matching algorithm can reduce string matching time by more than 40%.

UR - https://www.scopus.com/pages/publications/38149114079

U2 - 10.1007/978-3-540-74784-0_35

DO - 10.1007/978-3-540-74784-0_35

M3 - Conference contribution

AN - SCOPUS:38149114079

SN - 9783540747833

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 344

EP - 353

BT - Network and Parallel Computing - IFIP International Conference, NPC 2007, Proceedings

A2 - Li, Keqiu

A2 - Jesshope, Chris

A2 - Jin, Hai

A2 - Gaudiot, Jean-Luc

T2 - 2007 IFIP International Conference on Network and Parallel Computing, NPC 2007

Y2 - 18 September 2007 through 21 September 2007

ER -

Kwok TTO , Kwok YK. Design and evaluation of parallel string matching algorithms for network intrusion detection systems. In Li K, Li K, Li K, Jesshope C, Jesshope C, Jesshope C, Jin H, Jin H, Jin H, Gaudiot JL, Gaudiot JL, Gaudiot JL, editors, Network and Parallel Computing - IFIP International Conference, NPC 2007, Proceedings. 2007. p. 344-353. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-74784-0_35

Design and evaluation of parallel string matching algorithms for network intrusion detection systems

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this