Abstract

Pattern matching is a critical component of deep packet inspection (DPI). To provide fast matching speed, deterministic finite automata constructed with the Aho-Corasick algorithm (AC-DFAs) have been widely used. The matching speed of an AC-DFA is highly affected by the memory size used to store the DFA. In this paper, we propose a fast pattern matching algorithm using partitioned AC-DFAs. Most pattern matching algorithms using AC-DFAs partition an AC-DFA statically. Our proposed algorithm, however, dynamically partitions an AC-DFA according to inspected packet payloads. Simulation results show that our proposed algorithm achieves a higher matching speed (from 15% to 176%) than two other pattern matching algorithms that use partitioned AC-DFAs.

Highlights

  • Security is an important issue in today’s Internet

  • We focus on signature-based network intrusion detection systems (NIDSs)

  • Lee et al. [13] found that even in cases where a good depth value is selected, the HBM algorithm may still fail to achieve good throughput due to the way it partitions the AC-deterministic finite automaton (DFA). They proposed a pattern matching algorithm called the flexible head-body matching (FHBM) algorithm, which partitions head and body parts based on head size.


Summary

Introduction

Security is an important issue in today’s Internet. Traditional firewalls provide basic protection by examining packet headers. Since it is hard to define abnormal behaviors, signature-based NIDSs have the advantage of precisely detecting known attacks, and they have been studied extensively in the literature. We focus on signature-based NIDSs. Pattern matching is a key factor influencing the performance of an NIDS since it consumes a significant portion of system execution time [3,4]. Pattern matching algorithms can be implemented with hardware or software. Although the computing power of GPUs has increased rapidly, GPU-based pattern matching algorithms consume significantly more energy and cost more than CPU-based ones. The proposed algorithm dynamically partitions an AC-DFA according to the numbers of accesses of all states, and can provide a higher matching speed than other algorithms.
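The added example below is not code from the paper and does not reproduce its algorithm. It builds an AC-DFA, counts per-state accesses while scanning payloads, and reports how much of the traffic a small set of states absorbs; the signatures, payloads and the `hot_partition` helper are constructed for illustration.

```python
from collections import Counter, deque

def build_ac_dfa(patterns):
    """Return (dfa, out): dfa[state][byte] -> next state, out[state] -> patterns ending there."""
    goto, out = [{}], [set()]
    for p in patterns:                       # 1) trie of all patterns
        s = 0
        for b in p:
            if b not in goto[s]:
                goto.append({})
                out.append(set())
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        out[s].add(p)
    fail = [0] * len(goto)
    dfa = [[0] * 256 for _ in goto]
    queue = deque([0])
    while queue:                             # 2) BFS folds failure links into the table
        s = queue.popleft()
        out[s] |= out[fail[s]]
        for b in range(256):
            if b in goto[s]:
                t = goto[s][b]
                fail[t] = dfa[fail[s]][b]    # root's children get 0: dfa[0][b] is still unset
                dfa[s][b] = t
                queue.append(t)
            else:
                dfa[s][b] = dfa[fail[s]][b]
    return dfa, out

def scan(dfa, out, payloads):
    """Match every payload; return (matches, access count per state)."""
    hits, matches = Counter(), []
    for i, data in enumerate(payloads):
        s = 0
        for pos, b in enumerate(data):
            s = dfa[s][b]
            hits[s] += 1
            matches += [(i, pos - len(p) + 1, p) for p in sorted(out[s])]
    return matches, hits

def hot_partition(hits, k):
    """k most-accessed states and the fraction of all accesses they absorb."""
    top = hits.most_common(k)
    return {s for s, _ in top}, sum(c for _, c in top) / sum(hits.values())

# Constructed sample signatures and payloads (not from the paper).
PATTERNS = [b"cmd.exe", b"/etc/passwd", b"SELECT", b"union"]
PAYLOADS = [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
            b"GET /?q=1 union SELECT x HTTP/1.1\r\n\r\n"]
```

On this sample the root state alone takes most accesses, which is why keeping frequently visited states in a small, fast memory region pays off and why the hot set depends on the traffic actually inspected.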

Related Work
Proposed Pattern Matching Algorithm
Experimental Results
Conclusions