A Fast Pattern Matching Algorithm With Multi-Byte Search Unit for High-Speed Network Security
Source: Reed Elsevier
A signature-based intrusion detection system identifies intrusions by comparing the data traffic with known signature patterns. In this process, matching of packet strings against signature patterns is the most time-consuming step and dominates the overall system performance. Many signature-based Network Intrusion Detection Systems (NIDS), e.g., the Snort, employ one or multiple pattern matching algorithms to detect multiple attack types. So far, many pattern matching algorithms have been proposed. Most of them use single-byte standard unit for search, while a few algorithms such as the Modified Wu - Manber (MWM) algorithm use typically two-byte unit, which guarantees better performance than others even as the number of different signatures increases.