Signature Based Rule Matching Technique in Network Intrusion Detection System
Source: International Journal of Advanced Research in Computer Science and Software Engineering (IJARCSSE)
Signature is the pattern that you look for inside a data packet. A signature is used to detect one or multiple types of attacks. Signatures may be present in different parts of a data packet depending upon the nature of the attack. The authors can find signatures in the IP header, transport layer header (TCP or UDP header) and application layer header or payload. Usually IDS depends upon signatures to find out about intruder activity. With the increased amount of data transferred by computer networks, the amount of the malicious traffic also increases and therefore it is necessary to protect the network by security system such as firewalls and the Intrusion Detection System. Pattern matching is the time critical operation of current Intrusion Detection System.