Applying Fast String Matching to Intrusion Detection

Abstract

The performance of signature-based network intrusion detection tools is dominated by the string matching of packets against many signatures. In this paper we study how the popular intrusion detection system Snort can be best optimized to utilize different string matching algorithms. We analyze the performance of Snort's current string matching algorithm, Boyer-Moore, and several alternate algorithms.

Document Details

  • Document Type: Technical Report
  • Publication Date: Sep 01, 2002
  • Accession Number: ADA406266

Entities

People

  • George Varghese
  • Mike Fisk

Organizations

  • Los Alamos National Laboratory

Tags

Communities of Interest

  • Advanced Electronics
  • Human Systems

DTIC Thesaurus Topics

  • Algorithms
  • Classification
  • Commerce
  • Construction
  • Detection
  • Electronic Commerce
  • Filters
  • Flight Recorders
  • Information Operations
  • Internet
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Iterations
  • Language
  • Probability

Fields of Study

  • Computer science

Readers

  • Mathematical Modeling and Probability Theory.
  • Sensor Fusion and Tracking Systems.
  • Speech Processing/Speech Recognition.