Abstract

We consider the problem of string matching in Network Intrusion Detection Systems (NIDSes). String matching computations dominate in the overall cost of running a NIDS, despite the use of efficient general-purpose string matching algorithms. Aiming at increasing the efficiency and capacity of NIDSes, we have designed E²xB, a string matching algorithm that is tailored to the specific characteristics of NIDS string matching. We have implemented E²xB in snort, a popular open-source NIDS, and present experiments comparing E²xB with the current best alternative solution. Our results suggest that for typical traffic patterns E²xB improves NIDS performance by 10%–36%, while for certain ruleset and traffic patterns string matching performance can be improved by as much as a factor of three.

Keywords: network security, intrusion detection, string matching, network monitoring, network performance
