| 入侵检测系统中的多模式精确匹配算法WDawgMatch |
| |
| 引用本文: | 宁卓,龚俭.入侵检测系统中的多模式精确匹配算法WDawgMatch[J].计算机工程与科学,2010,32(8):17-21. |
| |
| 作者姓名: | 宁卓 龚俭 |
| |
| 作者单位: | 东南大学计算机科学与工程学院,江苏南京210096;江苏省计算机网络技术重点实验室,江苏南京210096;教育部计算机网络与信息集成重点实验室,江苏南京210096 |
| |
| 基金项目: | 国家973计划资助项目,国家科技支撑计划资助项目 |
| |
| 摘 要: | 经典的多模式匹配算法如AC、BM,并不满足NIDS对报文负载中攻击特征串检测时做在线乱序流匹配的需求。著名的多模式精确匹配算法DawgMatch弥补了上述算法无法在扫描的同时获得分片摘要信息的缺点,因此在网络入侵检测系统(NIDS)的在线检测中得到普遍应用。尽管基于DAWA自动机使得DawgMatch可通过二元索引来提高空间使用效率,但它的匹配性能尚不能达到高速报文入侵检测线速匹配的要求。本文提出了新算法WDawgMatch,它牺牲预处理时间,引入加权边消除了DawgMatch匹配回溯现象,提升了匹配速度。性能分析和实验结果表明,WDawgMatch降低了原算法的最坏时间复杂度,缩小了与AC算法的差距,完全满足NIDS线速匹配的要求。
|
| 关 键 词: | DAWA DawgMatch 匹配回溯 |
| 收稿时间: | 2009-05-18 |
| 修稿时间: | 2009-09-21 |
WDawgMatch: An Accurate Multi-Pattern Matching Algorithm in Intrusion Detection Systems |
| |
| NING Zhuo,GONG Jian.WDawgMatch: An Accurate Multi-Pattern Matching Algorithm in Intrusion Detection Systems[J].Computer Engineering & Science,2010,32(8):17-21. |
| |
| Authors: | NING Zhuo GONG Jian |
| |
| Affiliation: | NING Zhuo,GONG Jian(1.School of Computer Science and Technology,Southeast University,Nanjing 210096,2.Jiangsu Provincial Key Laboratory of Computer Network Technology,3.Key Laboratory of Computer Network and Information Integration,China) |
| |
| Abstract: | The traditional multi-pattern matching algorithms like AC,BM do not meet the requirements of online out-of-order stream reassembly when NIDS detects attack signature matches within packet payloads. As a famous accurate multi-pattern matching algorithm,DawgMatch is generally used in NIDS as it can get the digests of the segment being scanned.Unfortunately,though it promotes the space usage by a 2-tuple indexing factor with the help of the DAWA automaton,its matching speed still can not catch up with the need... |
| |
| Keywords: | DAWA DawgMatch |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
|
