Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/19950
Title: Scalable NIDS via negative pattern matching and exclusive pattern matching
Authors: Zheng, K
Zhang, X
Cai, Z
Wang, Z
Yang, B
Keywords: Content-addressable storage
Parallel processing
Pattern matching
Security of data
Issue Date: 2010
Publisher: IEEE
Source: 2010 proceedings, IEEE INFOCOM : San Diego, California, USA : 15-19 March 2010, p. 1-9
Abstract: In this paper, we identify the unique challenges in deploying parallelism on TCAM-based pattern matching for Network Intrusion Detection Systems (NIDSes). We resolve two critical issues when designing scalable parallelism specifically for pattern matching modules: 1) how to enable fine-grained parallelism in pursuit of effective load balancing and desirable speedup simultaneously; and 2) how to reconcile the tension between parallel processing speedup and prohibitive TCAM power consumption. To this end, we first propose the novel concept of Negative Pattern Matching to partition flows, by which the number of TCAM lookups can be significantly reduced, and the resulting (fine-grained) flow segments can be inspected in parallel without incurring false negatives. Then we propose the notion of Exclusive Pattern Matching to divide the entire pattern set into multiple subsets which can later be matched against selectively and independently without affecting the correctness. We show that Exclusive Pattern Matching enables the adoption of smaller and faster TCAM blocks and improves both the pattern matching speed and scalability. Finally, our theoretical and experimental results validate that the above two concepts are inherently complementary, enabling our integrated scheme to provide performance gain in any scenario (with either clean or dirty traffic).
URI: http://hdl.handle.net/10397/19950
ISBN: 978-1-4244-5836-3
ISSN: 0743-166X
DOI: 10.1109/INFCOM.2010.5462152
Appears in Collections: Conference Paper
