期刊名称:International Journal of Innovative Research in Computer and Communication Engineering
印刷版ISSN:2320-9798
电子版ISSN:2320-9801
出版年度:2017
卷号:5
期号:1
页码:1151
DOI:10.15680/IJIRCCE.2017.0501120
出版社:S&S Publications
摘要:Deep packet inspection has become a key component in network intrusion detection systems (NIDSes),where every packet in the incoming data stream needs to be compared with patterns in an attack database, byte-by-byte,using either string matching or regular expression matching. Regular expression matching, despite its flexibility andefficiency in attack identification, brings significantly high computation and storage complex- ities to NIDSes, makingline-rate packet processing a challenging task. In this paper, we present stride finite automata (StriFA), a novel finiteautomata family, to accelerate both string matching and regular expression matching. Different from conventional finiteautomata, which scan the entire traffic stream to locate malicious information, a StriFA only needs to scan a partialtraffic stream to find suspicious information. The presented StriFA technique has been implemented in software andevaluated based on different traces. The simulation results show that the StriFA acceleration scheme offers an increasedspeed over traditional nondeterministic finite automaton/deterministic finite automaton, while at the same timereducing the memory requirement.
