Fast pattern matching approach for intrusion detection systems

Abstract

Intrusion detection system (IDS) consists of set of techniques and methods for collection of packets from host system or network and analyzes those packets for anomalous content. IDSs mainly fall into two categories: signature-based IDSs and anomaly detection systems. A rule-based IDS compares the incoming packets against rule set in order to detect intrusion. A common approach followed is to build rule trees or finite automata with rule set and traverse it using a packet as input string. 30-60 % of total signature-based IDS processing time is spent on pattern matching [1]. The existing signature-based IDS cannot meet the speed demands imposed by both high network speeds and increasing number of signatures, and more CPU time is spent on searching for rules that match each packet. In this paper, we are going to present an analysis on IDS that is combined with other methods and techniques to produce greater results and hence contribute to the improvement of IDS. © 2014 Springer India.