Next Article in Journal
Correction: A No Reference Image Quality Assessment Metric Based on Visual Perception. Algorithms 2016, 9, 87
Next Article in Special Issue
Development of Filtered Bispectrum for EEG Signal Feature Extraction in Automatic Emotion Recognition Using Artificial Neural Networks
Previous Article in Journal
Contradiction Detection with Contradiction-Specific Word Embedding
Previous Article in Special Issue
An Asynchronous Message-Passing Distributed Algorithm for the Generalized Local Critical Section Problem
Open AccessArticle

A Flexible Pattern-Matching Algorithm for Network Intrusion Detection Systems Using Multi-Core Processors

Department of Computer Science and Information Engineering, School of Electrical and Computer Engineering, College of Engineering, Chang Gung University, Taoyuan 33302, Taiwan
*
Author to whom correspondence should be addressed.
Academic Editor: Andras Farago
Algorithms 2017, 10(2), 58; https://doi.org/10.3390/a10020058
Received: 15 March 2017 / Revised: 17 May 2017 / Accepted: 20 May 2017 / Published: 24 May 2017
(This article belongs to the Special Issue Networks, Communication, and Computing)
As part of network security processes, network intrusion detection systems (NIDSs) determine whether incoming packets contain malicious patterns. Pattern matching, the key NIDS component, consumes large amounts of execution time. One of several trends involving general-purpose processors (GPPs) is their use in software-based NIDSs. In this paper, we describe our proposal for an efficient and flexible pattern-matching algorithm for inspecting packet payloads using a head-body finite automaton (HBFA). The proposed algorithm takes advantage of multi-core GPP parallelism and single-instruction multiple-data operations to achieve higher throughput compared to that resulting from traditional deterministic finite automata (DFA) using the Aho-Corasick algorithm. Whereas the head-body matching (HBM) algorithm is based on pre-defined DFA depth value, our HBFA algorithm is based on head size. Experimental results using Snort and ClamAV pattern sets indicate that the proposed algorithm achieves up to 58% higher throughput compared to its HBM counterpart. View Full-Text
Keywords: network security; pattern matching algorithm; deep packet inspection; intrusion detection system network security; pattern matching algorithm; deep packet inspection; intrusion detection system
Show Figures

Figure 1

MDPI and ACS Style

Lee, C.-L.; Yang, T.-H. A Flexible Pattern-Matching Algorithm for Network Intrusion Detection Systems Using Multi-Core Processors. Algorithms 2017, 10, 58.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map

1
Back to TopTop