2006 Workshop on High Performance Switching and Routing 2006
DOI: 10.1109/hpsr.2006.1709697
|View full text |Cite
|
Sign up to set email alerts
|

High performance string matching algorithm for a network intrusion prevention system (NIPS)

Abstract: Intrusion Detection systems (IDS) were developed to identify and report attacks in the late 1990s, as hacker attacks and network worms began to affect the internet. Traditional IDS technologies detect hostile traffic and send alerts but do nothing to stop the attacks. Network Intrusion Prevention Systems (NIPS) are deployed in-line with the network segment being protected. As the traffic passes through the NIPS, it is inspected for the presence of an attack. Like viruses, most intruder activities have some sor… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
14
0

Year Published

2009
2009
2017
2017

Publication Types

Select...
5
3

Relationship

0
8

Authors

Journals

citations
Cited by 37 publications
(14 citation statements)
references
References 8 publications
(9 reference statements)
0
14
0
Order By: Relevance
“…Yu et al [33] propose a TCAM-based scheme for matching simple regular expressions or strings. Weinsberg et al [31] introduces the rotating TCAM (RTCAM), which uses shifted patterns to increase matching speeds further. In all TCAM approaches, pattern lengths are limited to TCAM width and the complexity of acceptable regular expressions is greatly limited.…”
Section: Related Workmentioning
confidence: 99%
“…Yu et al [33] propose a TCAM-based scheme for matching simple regular expressions or strings. Weinsberg et al [31] introduces the rotating TCAM (RTCAM), which uses shifted patterns to increase matching speeds further. In all TCAM approaches, pattern lengths are limited to TCAM width and the complexity of acceptable regular expressions is greatly limited.…”
Section: Related Workmentioning
confidence: 99%
“…Although this technique can greatly improve the ability of preventing intrusion, issues with misreporting of intrusion prevention in IDS and filch of information in SAN need to be considered in future. A novel pattern-matching algorithm, which uses ternary content addressable memory (TCAM) and capable of matching multiple patterns in a single operation was considered in (Weinberg et al, 2006). This system is compatible with Snort's rules syntax, which is the de facto standard for intrusion prevention systems.…”
Section: Intrusion Prevention Systemsmentioning
confidence: 97%
“…Yu et al [30] propose a TCAM-based scheme for matching simple regular expressions or strings. Weinsberg et al [29] introduces the Rotating TCAM (RTCAM), which uses shifted patterns to increase matching speeds further. In all TCAM approaches, pattern lengths are limited to TCAM width and the complexity of acceptable regular expressions is greatly limited.…”
Section: Related Workmentioning
confidence: 99%