Referenced Items are not available for this document.
Open Access
As the core algorithm and the most time consuming part of almost every modern network intrusion management system (NIMS), string matching is essential for the inspection of network flows at the line speed. This paper presents a memory and time efficient string matching algorithm specifically designed for NIMS on commodity processors. Modifications of the Aho-Corasick (AC) algorithm based on the distribution characteristics of NIMS patterns drastically reduce the memory usage without sacrificing speed in software implementations. In tests on the Snort pattern set and traces that represent typical NIMS workloads, the Snort performance was enhanced 1.480/0–200/0 compared to other well-known alternatives with an automaton size reduction of 4.86–6.11 compared to the standard AC implementation. The results show that special characteristics of the NIMS can be used into a very effective method to optimize the algorithm design.
Published in:
Tsinghua Science and Technology
(Volume:12
,
Issue:
5
)
Date of Publication: Oct. 2007
- Page(s):
- 585 - 593
- Digital Object Identifier :
- 10.1016/S1007-0214(07)70137-2
- Product Type:
- Journals & Magazines
- Date of Current Version :
- 17 January 2012
- Issue Date :
- Oct. 2007
- Sponsored by :
- Tsinghua University Press (TUP)
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
