Towards adaptive character frequency-based exclusive signature matching scheme and its applications in distributed intrusion detection

Yuxin Meng, Wenjuan Li, Lam For Kwok

Research output: Journal article publication › Journal article › Academic research › peer-review

27 Citations (Scopus)

Abstract

Network intrusion detection systems (NIDSs), especially signature-based NIDSs, are widely deployed in distributed network environments to defend against a variety of network attacks. However, signature matching is a key factor limiting the performance of a signature-based NIDS in a large-scale network, since its cost is at least linear in the length of the input string. The overhead of matching every incoming packet can greatly reduce the effectiveness of such detection systems and heavily consume computing resources. To mitigate this issue, a more efficient signature matching algorithm is desirable. In this paper, we therefore develop an adaptive character frequency-based exclusive signature matching scheme (named ACF-EX) that improves the signature matching process of a signature-based NIDS. In the experiment, we implemented the ACF-EX scheme in a distributed network environment and evaluated it by comparing its performance with that of Snort. In addition, we apply the scheme to constructing a packet filter that filters out network packets by performing exclusive signature matching in front of a signature-based NIDS, which avoids implementation issues and improves the flexibility of the scheme. The experimental results demonstrate that, in the distributed network environment, the proposed ACF-EX scheme can reduce the time consumed by signature matching, and that our scheme is promising for constructing a packet filter that reduces the burden on a signature-based NIDS.
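The abstract does not describe the internals of ACF-EX. The Python block below is an added illustration of the general idea behind exclusive signature matching driven by observed character frequencies; it is not the authors' code and makes no claim about how ACF-EX orders or selects characters. The signatures, the HTTP-like payloads and the 3-byte probe size are constructed assumptions for the example. The point it shows is that the exclusion step is always sound (it can never drop a real match) while the learned frequency table only decides which bytes are probed first, so most signatures are rejected without a full substring search.

```python
"""Added illustration of frequency-driven exclusive signature matching.
This is NOT the paper's ACF-EX implementation; it is a minimal sketch
of the general idea, with constructed signatures and payloads.
"""
from collections import Counter


class ExclusiveMatcher:
    """Exclude signatures that cannot match before paying for a full search.

    For each signature we look at the bytes of it that have been rarest in
    the traffic observed so far.  If the payload lacks any of them, the
    signature cannot occur in the payload and is skipped; only survivors
    are matched with a full substring search.  Exclusion is always sound;
    the adaptive frequency table only picks probes that exclude early.
    """

    def __init__(self, signatures, probe_chars=3):  # probe_chars: assumed tuning knob
        self.signatures = [bytes(s) for s in signatures]
        self.probe_chars = probe_chars
        self.freq = Counter()       # per-byte counts learned from observed payloads
        self.excluded = 0           # signatures dropped by the cheap check
        self.full_matches = 0       # signatures that reached the full search

    def observe(self, payload):
        """Adaptive step: update byte frequencies from a payload that was seen."""
        self.freq.update(payload)

    def probes(self, sig):
        """Distinct bytes of sig, rarest in traffic first (ties broken by byte value)."""
        return sorted(set(sig), key=lambda b: (self.freq[b], b))[: self.probe_chars]

    def match(self, payload):
        """Return the signatures present in payload, then learn from the payload."""
        present = set(payload)      # one pass over the payload, reused for all signatures
        hits = []
        for sig in self.signatures:
            if any(b not in present for b in self.probes(sig)):
                self.excluded += 1  # a required rare byte is missing: cannot match
                continue
            self.full_matches += 1
            if sig in payload:      # full (linear) search only for survivors
                hits.append(sig)
        self.observe(payload)
        return hits


# Constructed sample data (not real rules or captured traffic).
SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"<script>", b"UNION SELECT"]
PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"POST /login HTTP/1.1\r\n\r\nuser=a' UNION SELECT 1,2--&pw=x",
    b"GET /?q=<script>alert(1)</script> HTTP/1.1\r\n\r\n",
]


def run_demo(payloads=PAYLOADS, signatures=SIGNATURES):
    """Match every payload; return (hits per payload, excluded, full_matches)."""
    m = ExclusiveMatcher(signatures)
    hits = [m.match(p) for p in payloads]
    return hits, m.excluded, m.full_matches


def naive_matches(payloads=PAYLOADS, signatures=SIGNATURES):
    """Reference result: full substring search for every pair (no exclusion)."""
    return [[s for s in signatures if s in p] for p in payloads]


if __name__ == "__main__":
    hits, excluded, full = run_demo()
    for p, h in zip(PAYLOADS, hits):
        print(p[:30], "->", h)
    print(f"excluded {excluded} of {excluded + full} signature checks cheaply")
    assert hits == naive_matches()
```

Running the demo shows every payload producing exactly the hits a naive full search would find, with the majority of the sixteen signature checks rejected by the byte-presence probe alone. A real packet filter built on this idea would sit in front of the NIDS and pass through only packets that survive exclusion for at least one signature; the frequency table should be refreshed from live traffic so that the probes track the current byte distribution rather than a static one.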

Original language: English
Pages (from-to): 3630-3640
Number of pages: 11
Journal: Computer Networks
Volume: 57
Issue number: 17
DOIs
Publication status: Published - 9 Dec 2013
Externally published: Yes

Keywords

  • Distributed systems
  • Exclusive signature matching
  • Network intrusion detection
  • Network security and performance
  • Packet filter

ASJC Scopus subject areas

  • Computer Networks and Communications
