Selective Regular Expression Matching
The signature-based intrusion detection is one of the most commonly used techniques implemented in modern Intrusion Detection Systems (IDS). One of the powerful tools that gained wide acceptance in IDS signatures over the past several years is the regular expressions. How-ever, the performance requirements of traditional methods for matching the incoming events against regular expressions are prohibitively high. This limits the use of regular expressions in majority of modern IDS products. In this paper, the authors present an approach for selective matching of regular expressions. Instead of serially matching all regular expressions, they compile a set of shortest patterns most frequently seen in regular expressions that allows to quickly filter out events that do not match any of the IDS signatures.