Variable-Stride Pattern Matching for Network Intrusion Detection

• Main Authors: Kuang-Min Hsu, 徐光民
• Other Authors: Chin-Laung Lei
• Format: Others
• Language: en_US
• Published: 2012
• Online Access: http://ndltd.ncl.edu.tw/handle/71987158864247894326

碩士 === 國立臺灣大學 === 電機工程學研究所 === 100 === Pattern matching is a research topic that focuses on how to efficiently find strings of expected form in some text. In the network, the communication between the computers can be view as sending string to each other, so the knowledge of pattern matching is used to detect the content of communication in network. The network instruction detection and prevention, one of application used pattern matching in the network, is try to find the malicious data from the incoming data stream which come from outside network. To find malicious data, the rules that present how malicious data look like are converted into automata. The performance of the automata always determines the performance of detecting system. Variable-stride is base on Winnowing algorithm, and this scheme has more memory efficiency than multi-stride method when it has the same throughput improvement. Every transition in the automata applied variable stride may deal with a variable number of symbols, and reduce number of state transition when detecting, so make detecting process faster. However, this scheme is only applied in string matching. Thus this dissertation extends variable-stride to NFA, and keeps its advantage at the same time.