Adaptive character frequency-based exclusive signature matching scheme in distributed intrusion detection environment

Yuxin Meng, Wenjuan Li

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

10 Citations (Scopus)

Abstract

Currently, signature-based network intrusion detection systems (NIDSs) are being widely deployed in distributed network environment with the purpose of protecting network communications from various attacks. However, signature matching has become a key limiting factor to restrict the performance of a signature-based NIDS in large-scale distributed network environment. The overhead network packets can greatly reduce the effectiveness of such detection systems and heavily consume computer resources. To mitigate this issue, a more efficient signature matching algorithm is desirable. In this paper, we therefore develop an adaptive character frequency-based exclusive signature matching scheme that can be implemented in a signature-based NIDS to help improve the performance of signature matching. In the experiment, we implemented our scheme in a distributed network environment and evaluated the performance of our scheme compared with Snort. The experimental results show that, in our distributed network environment, our scheme can positively reduce the time consumption in the range from 11.2% to 37.6%.

Original languageEnglish
Title of host publicationProc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012
Pages223-230
Number of pages8
DOIs
Publication statusPublished - 2012
Externally publishedYes
Event11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - Liverpool, United Kingdom
Duration: 25 Jun 201227 Jun 2012

Publication series

NameProc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012

Conference

Conference11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012
Country/TerritoryUnited Kingdom
CityLiverpool
Period25/06/1227/06/12

Keywords

  • Exclusive signature matching
  • Intrusion detection
  • Network security and performance

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

Cite this