Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
5003179 | IFAC Proceedings Volumes | 2006 | 7 Pages |
Abstract
Intrusion Prevention Systems (IPSs) have become widely recognized as a powerful tool and an important element of IT security safeguards. Essential to every network IPS is the ability to search through packets and identify patterns that match known attacks. Efficient string matching algorithms are therefore important for identifying theSe packets at line rate. In previous articles algorithms like AhcrCorasick, KarJrRabin, Bloom filters and their hardware implementation architectures were presented. The result of the current work is a fixed dictionary data compression module that preprocesses input stream for lower resource usage of the main string matching module. The prepared module matches the extended set of Snort IPS signatures achieving throughput of over 1.7 Ghps on the Altera Stratix II device. The compression preprocessing module reduces the size of pattern database by 40 % and diminishes the module memory resource usage by 30%. The proposed compression scheme can be used with every pattern matching algorithm, both in the software and hardware implementation.
Keywords
Related Topics
Physical Sciences and Engineering
Engineering
Computational Mechanics
Authors
Jakub Botwicz, Piotr Sapiecha,