Exclusion-based Signature Matching for Intrusion Detection

E.P. Markatos, S. Antonatos, M. Polychronakis, and K.G. Anagnostakis (Greece)


network security, intrusion detection, string matching, network performance


We consider the problem of efficient string-based signature matching for Network Intrusion Detection Systems (NIDSes). String matching computations dominate the overall cost of running a NIDS, despite the use of efficient general-purpose string matching algorithms. Aiming to increase the efficiency and capacity of NIDSes, we have designed ExB, a string matching algorithm tailored to the specific characteristics of NIDS string matching. We have implemented ExB in Snort and present experiments comparing ExB with the current best alternative solution. Our preliminary experiments suggest that ExB improves overall system performance by as much as a factor of three.
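The exclusion principle behind ExB, as an added illustration that is not the authors' Snort implementation: an occurrence bitmap of the payload's byte values is built once per packet, any signature containing a byte absent from the packet is excluded without scanning, and only the survivors go to an exact matcher. The payload and content strings below are constructed for the example, and the naive exact matcher stands in for whatever exact algorithm a real NIDS uses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Occurrence bitmap over byte values: bit b is set iff byte b appears in the payload. */
typedef struct { uint64_t w[4]; } occmap_t;
typedef struct { int hits, excluded; } exb_result;

static void occmap_build(occmap_t *m, const uint8_t *pkt, size_t n) {
    memset(m, 0, sizeof *m);
    for (size_t i = 0; i < n; i++) m->w[pkt[i] >> 6] |= (uint64_t)1 << (pkt[i] & 63);
}

/* Exclusion test: a signature can match only if every one of its bytes occurs in the
 * payload. O(|sig|) bit lookups, no payload scan; passing is not yet a match. */
static bool occmap_may_contain(const occmap_t *m, const uint8_t *sig, size_t k) {
    for (size_t i = 0; i < k; i++)
        if (!(m->w[sig[i] >> 6] & ((uint64_t)1 << (sig[i] & 63)))) return false;
    return true;
}

/* Exact confirmation, naive for brevity (a NIDS would use Boyer-Moore or similar). */
static bool exact_match(const uint8_t *pkt, size_t n, const uint8_t *sig, size_t k) {
    for (size_t i = 0; k > 0 && i + k <= n; i++)
        if (memcmp(pkt + i, sig, k) == 0) return true;
    return false;
}

/* One bitmap per packet; exact matching runs only on signatures the bitmap cannot exclude. */
exb_result exb_scan(const char *pkt, const char *const *sigs, int nsigs) {
    const uint8_t *p = (const uint8_t *)pkt; size_t n = strlen(pkt);
    occmap_t m;
    occmap_build(&m, p, n);
    exb_result r = {0, 0};
    for (int s = 0; s < nsigs; s++) {
        size_t k = strlen(sigs[s]);
        if (!occmap_may_contain(&m, (const uint8_t *)sigs[s], k)) { r.excluded++; continue; }
        if (exact_match(p, n, (const uint8_t *)sigs[s], k)) r.hits++; /* else: filter false positive */
    }
    return r;
}

/* Constructed sample payload and content strings (not taken from the paper). */
static const char SAMPLE_PKT[] = "GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n";
static const char *const SAMPLE_SIGS[] = {"index.html", "cmd.exe", "/etc/passwd", "HTTP/1.0", "xp_cmdshell", "shell"};
int main(void) {
    exb_result r = exb_scan(SAMPLE_PKT, SAMPLE_SIGS, 6);
    printf("matches=%d excluded_by_bitmap=%d\n", r.hits, r.excluded); /* prints 2 and 3 */
    return 0;
}
```

Of the six content strings, three are discarded by the bitmap alone, two are confirmed by the exact matcher, and "shell" shows the filter's one-sided error: every byte of it occurs in the packet, so it survives exclusion and is rejected only by the exact search.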

