Abstract
String matching is the primary function of signature based intrusion detection systems. In this paper, a novel string matching algorithm is proposed based on the idea of searching words in a dictionary. We have also presented a scalable, high throughput, memory efficient and modular architecture for large scale string matching based on the proposed algorithm. The words of dictionary have been extracted from malicious patterns of Snort NIDS (2013) database. The memory efficiency of the proposed algorithms is directly proportional to the dissimilarity of patterns. In a large dictionary, it is feasible to create several groups in such a way that the members of each group satisfy a desired condition. The presented architecture is designed for implementation on the Field Programmable Gate Array and profits from the pipeline, modular structure and suitable utilization of distributed memory resources. Due to the routing limitation of FPGAs, the maximum length of patterns has been limited and a further solution suggested for tackling this obstacle. The post place & route implementation results of a set of 11895 patterns (117832 Byte) with lengths within the range from 2 to 20 characters show an efficiency of 1.47 Byte/Char or 0.28 (6-input LUT/char) and a maximum throughput of 2.38Gbps. Other results for a set of 3471 patterns (104399 Byte) with lengths within 21 and 40 characters show an efficiency of 1.87Byte/Char or 0.42 (6-input LUT/char) and the maximum throughput of 1.97Gbps. Adding new string to dictionary is feasible by placing extra modules in architecture.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.