Towards adaptive character frequency-based exclusive signature matching scheme and its applications in distributed intrusion detection

Yuxin MENG, Wenjuan LI, Lam-For KWOK

Research output: Contribution to journal › Article › peer-review

27 Citations (Scopus)

Abstract

Network intrusion detection systems (NIDSs), especially signature-based NIDSs, are being widely deployed in distributed network environments with the purpose of defending against a variety of network attacks. However, signature matching is a key factor limiting the performance of a signature-based NIDS in a large-scale network environment, in which the cost is at least linear to the size of an input string. The overhead network packets can greatly reduce the effectiveness of such detection systems and heavily consume computer resources. To mitigate this issue, a more efficient signature matching algorithm is desirable. In this paper, we therefore develop an adaptive character frequency-based exclusive signature matching scheme (named ACF-EX) that can improve the process of signature matching for a signature-based NIDS. In the experiment, we implemented the ACF-EX scheme in a distributed network environment and evaluated it by comparing its performance with that of Snort. In addition, we further apply this scheme to constructing a packet filter that can filter out network packets by conducting exclusive signature matching for a signature-based NIDS, which can avoid implementation issues and improve the flexibility of the scheme. The experimental results demonstrate that, in the distributed network environment, the proposed ACF-EX scheme can positively reduce the time consumption of signature matching and that our scheme is promising in constructing a packet filter to reduce the burden of a signature-based NIDS. Copyright © 2013 Elsevier B.V. All rights reserved.

Original language: English
Pages (from-to): 3630-3640
Journal: Computer Networks
Volume: 57
Issue number: 17
Early online date: Sept 2013
DOI: https://doi.org/10.1016/j.comnet.2013.08.009
Publication status: Published - Dec 2013

Citation

Meng, Y., Li, W., & Kwok, L.-F. (2013). Towards adaptive character frequency-based exclusive signature matching scheme and its applications in distributed intrusion detection. Computer Networks, 57(17), 3630-3640. https://doi.org/10.1016/j.comnet.2013.08.009
