We are proposing a hybrid algorithm for constructing an efficient Aho-Corasick automaton designed for data-parallel processing in knowledge-based IDS, that supports the use of regular expressions in the patterns, and validate its use as part of the signature matching process, a critical component of modern intrusion detection systems. Our approach uses a hybrid memory storage mechanism, an adaptation of the Smith-Waterman local-sequence alignment algorithm and additionally employs path compression and bitmapped nodes. Using as a test-bed a set of the latest virus signatures from the ClamAV database, we show how the new automata obtained through our approach can significantly improve memory usage by a factor of times compared to the unoptimized version, while still keeping the throughput at similar levels. © 2013 Springer-Verlag Berlin Heidelberg.
Pungila, C. (2013). Hybrid compression of the Aho-Corasick automaton for static analysis in intrusion detection systems. In Advances in Intelligent Systems and Computing (Vol. 189 AISC, pp. 77–86). Springer Verlag. https://doi.org/10.1007/978-3-642-33018-6_8