Abstract
We present a multi-gigabit rate multiple pattern-matching algorithm with TCAM that enables protection against malicious attacks in a high-speed network. The proposed algorithm significantly reduces the number of TCAM lookups per payload with an m-byte jumping window scheme. Because of the reduced number of TCAM lookups, we can easily achieve a multi-gigabit rate when scanning the packet payload to inspect its content. Furthermore, multi-packet inspection is achieved easily using the state transition diagram extended with the shifting distance. Experimental results show that the proposed algorithm works well for a multi-gigabit network intrusion detection system.
This research was supported in part by the ITRC program of the Ministry of Information and Communication, Korea.
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Sung, JS., Kang, SM., Kwon, TG. (2006). A Fast Pattern-Matching Algorithm for Network Intrusion Detection System. In: Boavida, F., Plagemann, T., Stiller, B., Westphal, C., Monteiro, E. (eds) NETWORKING 2006. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems. NETWORKING 2006. Lecture Notes in Computer Science, vol 3976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11753810_102
DOI: https://doi.org/10.1007/11753810_102
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34192-5
Online ISBN: 978-3-540-34193-2
eBook Packages: Computer Science (R0)