scholarly journals A High-speed Pattern Matching Acceleration System for Network Intrusion Prevention Systems

2005 ◽  
Vol 12A (2) ◽  
pp. 87-94 ◽  
Author(s):  
Sunil Kim
Keyword(s):  
Pattern Matching ◽  
High Speed ◽  
Intrusion Prevention ◽  
Network Intrusion ◽  
Intrusion Prevention Systems

Resource allocation in network processors for network intrusion prevention systems

2007 ◽  
Vol 80 (7) ◽  
pp. 1030-1036 ◽  
Author(s):  
Yi-Neng Lin ◽  
Yao-Chung Chang ◽  
Ying-Dar Lin ◽  
Yuan-Chen Lai
Keyword(s):  
Resource Allocation ◽  
Network Processors ◽  
Intrusion Prevention ◽  
Network Intrusion ◽  
Intrusion Prevention Systems

scholarly journals High-performance Architecture of Network Intrusion Prevention Systems

2014 ◽  
Vol 1 (3) ◽  
pp. e3
Author(s):  
Zhao Yueai ◽  
Hou Pengcheng ◽  
Wang Ling ◽  
Han Suqing
Keyword(s):  
High Performance ◽  
Intrusion Prevention ◽  
Network Intrusion ◽  
Intrusion Prevention Systems

scholarly journals Two-Phase PFAC Algorithm for Multiple Patterns Matching on CUDA GPUs

Electronics ◽  
2019 ◽  
Vol 8 (3) ◽  
pp. 270
Author(s):  
Wei-Shen Lai ◽  
Chao-Chin Wu ◽  
Lien-Fu Lai ◽  
Min-Chi Sie
Keyword(s):  
Pattern Matching ◽  
High Speed ◽  
Finite State Machine ◽  
State Machine ◽  
Second Phase ◽  
Processing Unit ◽  
Two Phase ◽  
High Speed Networks ◽  
Network Intrusion ◽  
Finite State

The rapid advancement of high speed networks has resulted in a significantly increasing number of network packets per second nowadays, implying network intrusion detection systems (NIDSs) need to accelerate the inspection of packet content to protect the computer systems from attacks. On average, the pattern matching process in a NIDS consumes approximately 70% of the overall processing time. The conventional Aho–Corasick (AC) algorithm, adopting a finite state machine to identify attack patterns in NIDSs, is too slow to meet the requirement of high speed networks. In view of this, several studies have used the features of a graphics processing unit (GPU) to improve the core searching process of the AC algorithm. For instance, parallel failureless Aho-Corasick (PFAC) algorithm improves the process of pattern matching effectively by removing backward branches in the original finite state machine created using the AC algorithm. In this way, boundary detection can be avoided totally if we allocate an individual thread to each byte of an input stream to identify any pattern starting at the thread’s starting position. However, through analysis, we found that this algorithm experiences a serious load imbalance problem. Therefore, this paper proposes a two-phase PFAC algorithm to address the problem. A threshold is predefined to divide execution into two phases, and the failureless finite state machine is also decoupled into two parts accordingly. In the first phase, every thread identifies patterns by running the tiny part of the decoupled failureless finite state machine that are stored in fast shared memory. In the second phase, all the threads requiring further searching in a same block are regrouped into a few warps for less branch divergence. According to experimental results, the proposed algorithm shows a performance improvement of 50% compared to the PFAC algorithm.

Parallel Combining Different Approaches to Multi-pattern Matching for Fpga-based Security Systems

2017 ◽  
Vol 5 (1) ◽  
pp. 8-15
Author(s):  
Sergii Hilgurt ◽  
Keyword(s):  
Information Security ◽  
Pattern Matching ◽  
Intrusion Detection System ◽  
Detection System ◽  
Finite Automata ◽  
Network Intrusion Detection ◽  
Security Systems ◽  
Analytical Technique ◽  
Network Intrusion ◽  
Pros And Cons

The multi-pattern matching is a fundamental technique found in applications like a network intrusion detection system, anti-virus, anti-worms and other signature- based information security tools. Due to rising traffic rates, increasing number and sophistication of attacks and the collapse of Moore’s law, traditional software solutions can no longer keep up. Therefore, hardware approaches are frequently being used by developers to accelerate pattern matching. Reconfigurable FPGA-based devices, providing the flexibility of software and the near-ASIC performance, have become increasingly popular for this purpose. Hence, increasing the efficiency of reconfigurable information security tools is a scientific issue now. Many different approaches to constructing hardware matching circuits on FPGAs are known. The most widely used of them are based on discrete comparators, hash-functions and finite automata. Each approach possesses its own pros and cons. None of them still became the leading one. In this paper, a method to combine several different approaches to enforce their advantages has been developed. An analytical technique to quickly advance estimate the resource costs of each matching scheme without need to compile FPGA project has been proposed. It allows to apply optimization procedures to near-optimally split the set of pattern between different approaches in acceptable time.

Text pattern matching based on a high-speed signal processor

1994 ◽  
Vol 30 (11) ◽  
pp. 837 ◽  
Author(s):  
P.A. Mitkas ◽  
S.P. Sastry
Keyword(s):  
Pattern Matching ◽  
High Speed ◽  
Signal Processor

Power information network intrusion detection based on deep learning and cloud computing

2021 ◽  
pp. 1-9
Author(s):  
Xiangbing Zhao ◽  
Jianhui Zhou
Keyword(s):  
Cloud Computing ◽  
Deep Learning ◽  
Intrusion Detection ◽  
High Speed ◽  
Information Networks ◽  
Network Intrusion Detection ◽  
Information Network ◽  
Advantages And Disadvantages ◽  
Network Intrusion ◽  
Capture Mechanism

With the advent of the computer network era, people like to think in deeper ways and methods. In addition, the power information network is facing the problem of information leakage. The research of power information network intrusion detection is helpful to prevent the intrusion and attack of bad factors, ensure the safety of information, and protect state secrets and personal privacy. In this paper, through the NRIDS model and network data analysis method, based on deep learning and cloud computing, the demand analysis of the real-time intrusion detection system for the power information network is carried out. The advantages and disadvantages of this kind of message capture mechanism are compared, and then a high-speed article capture mechanism is designed based on the DPDK research. Since cloud computing and power information networks are the most commonly used tools and ways for us to obtain information in our daily lives, our lives will be difficult to carry out without cloud computing and power information networks, so we must do a good job to ensure the security of network information network intrusion detection and defense measures.

Efficient middlebox scaling for virtualized intrusion prevention systems in software-defined networks

2021 ◽  
Vol 65 (8) ◽  
Author(s):  
Junchi Xing ◽  
Chunming Wu ◽  
Haifeng Zhou ◽  
Qiumei Cheng ◽  
Danrui Yu ◽  
...  
Keyword(s):  
Software Defined Networks ◽  
Intrusion Prevention ◽  
Intrusion Prevention Systems
Sign in / Sign up

Export Citation Format

Share Document