
Efficient Regular Expression Pattern Matching for Network Intrusion Detection Systems using Modified Word-based Automata

Kumar, Pawan and Singh, Virendra (2012) Efficient Regular Expression Pattern Matching for Network Intrusion Detection Systems using Modified Word-based Automata. In: 5th International Conference on Security of Information and Networks (SIN), OCT 25-27, 2012, Malaviya Natl Inst Technol, Dept Comp Engn, Jaipur, INDIA, pp. 103-110.

Official URL: http://dl.acm.org/citation.cfm?id=2388590

Abstract

Network Intrusion Detection Systems (NIDS) intercept the traffic at an organization's network periphery to thwart intrusion attempts. Signature-based NIDS compares the intercepted packets against its database of known vulnerabilities and malware signatures to detect such cyber attacks. These signatures are represented using Regular Expressions (REs) and strings. Regular Expressions, because of their higher expressive power, are preferred over simple strings to write these signatures. We present Cascaded Automata Architecture to perform memory-efficient Regular Expression pattern matching using existing string matching solutions. The proposed architecture performs two-stage Regular Expression pattern matching. We replace the substring and character class components of the Regular Expression with new symbols. We address the challenges involved in this approach. We augment the Word-based Automata, obtained from the re-written Regular Expressions, with counter-based states and length-bound transitions to perform Regular Expression pattern matching. We evaluated our architecture on Regular Expressions taken from Snort rulesets. We were able to reduce the number of automata states by between 50% and 85%. Additionally, we could reduce the number of transitions by a factor of 3, leading to further reduction in the memory requirements.

Item Type: Conference Paper
Publisher: ASSOC COMPUTING MACHINERY
Additional Information: Copyright for this article belongs to ASSOC COMPUTING MACHINERY,NEW YORK
Keywords: Regular Expressions;DPI;NIDS;Pattern Matching;DFA;NFA
Department/Centre: Division of Interdisciplinary Sciences > Supercomputer Education & Research Centre
Date Deposited: 15 Mar 2013 12:31
Last Modified: 15 Mar 2013 12:31
URI: http://eprints.iisc.ac.in/id/eprint/46092
