Abstract
We propose a new hybrid approach to real-time compression of the pattern matching automata used in signature-based intrusion detection systems, with particular emphasis on heterogeneous CPU/GPU architectures. We also provide details of the implementation and show how a hybrid approach can lead to improved compression ratios while real-time changes are being made to the automata. By testing our methodology in a real-world scenario using signature sets taken from the ClamAV signature database and the Snort rules database, we show that the approach we propose performs better than current solutions, significantly reducing the storage required and paving the way for high-throughput CPU/GPU heterogeneous processing of such automata.
Acknowledgments
This work was partially supported by the Romanian national grant PN-II-ID-PCE-2011-3-0260 (AMICAS).
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this paper
Pungila, C., Negru, V. (2015). Real-Time Hybrid Compression of Pattern Matching Automata for Heterogeneous Signature-Based Intrusion Detection. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds) International Joint Conference. CISIS 2015. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham. https://doi.org/10.1007/978-3-319-19713-5_6
DOI: https://doi.org/10.1007/978-3-319-19713-5_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19712-8
Online ISBN: 978-3-319-19713-5