Real-time hybrid compression of pattern matching automata for heterogeneous signature-based intrusion detection

Abstract

We are proposing a new hybrid approach to achieving real-time compression of pattern matching automata in signature-based intrusion detection systems, with particular emphasis on heterogeneous CPU/GPU architectures.We also provide details of the implementation and show how a hybrid approach can lead to improved compression ratios while performing real-time changes to the automata. By testing our methodology in a real-world scenario using sets taken from the ClamAV signature database the Snort rules database, we show that the approach we propose performs better than the current solutions, significantly reducing the storage required and paving the way for high-throughput CPU/GPU heterogeneous processing for such type of automata.