Abstract
Intrusion Detection System (IDS) is a monitoring system that is the most commonly used today. IDS monitors and analyzes network traffic to detect and prevent malicious behaviors. The main process of IDS is pattern matching, which typically accounts for about 70% of IDS processing time [9]. Wu-Manber [11] is one of the fastest pattern matching algorithms [3] which is commonly used in IDSs. It uses hash techniques to build the hash tables based on the shortest patterns. However, the difference between patterns often degrades the efficiency of the algorithm. In this paper, we propose an improved Wu-Manber algorithm that reduces dependence on the shortest patterns by combining Bloom filters. The experimental results show that our algorithm reduces the matching time by 10% in the worst case and 78% in the best case compared to the original Wu-Manber algorithm, and also reduces the memory usage by 0.3%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aho, A., Corasick, M.: Efficient string matching: an aid to bibliographic search. Commun. ACM 18, 333–340 (1975)
Aldwairi, M., Al-Khamaiseh, K.: Exhaust: optimizing Wu-Manber pattern matching for intrusion detection using bloom filters. IEEE (2015)
Aldwairi, M., Al-Khamaiseh, K., Alharbi, F., Shah, B.: Bloom filters optimized Wu-Manber for intrusion detection. J. Digit. Forensics Secur. Law 11(4), Article 5 (2016)
Zhang, B., Chen, X., Pan, X., Wu, Z.: High concurrence Wu-Manber multiple patterns matching algorithm. In: Proceedings of the International Symposium on Information Process, p. 404 (2009)
Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)
Boyer, R.S., Moore, J.S.: A fast string searching algorithm. Commun. ACM 20(10), 762–772 (1977)
Kacha, C., Shevade, K.A., Raghuwanshi, K.S.: Improved Snort intrusion detection system using modified pattern matching technique. Int. J. Emerg. Technol. Adv. Eng. 3(7), 81–88 (2013)
Yang, D., Xu, K., Cui, Y.: An improved Wu-Manber multiple patterns matching algorithm. In: The 25th IEEE International Performance, Computing, and Communications Conference (IPCCC), pp. 680–686 (2006)
Antonatos, S., Anagnostakis, K., Markatos, E.: Generating realistic workloads for network intrusion detection systems. SIGSOFT Softw. Eng. Notes 29(1), 207–215 (2004)
Bhardwaj, V., Garg, V.: Efficient Wu Manber string matching algorithm for large number of patterns. Int. J. Comput. Appl. 132(17), 29–33 (2015)
Wu, S., Manber, U.: A fast algorithm for multi-pattern searching. Technical report TR94-17. University of Arizona at Tuscon (1994)
Zhang, W.: An improved Wu-Manber multiple patterns matching algorithm. In: Proceedings of the 2016 IEEE International Conference on Electronic Information and Communication Technology (ICEICT 2016), pp. 286–289 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Lee, S., Phan, T.T. (2018). Enhancement of Wu-Manber Multi-pattern Matching Algorithm for Intrusion Detection System. In: Cong Vinh, P., Ha Huy Cuong, N., Vassev, E. (eds) Context-Aware Systems and Applications, and Nature of Computation and Communication. ICTCC ICCASA 2017 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 217. Springer, Cham. https://doi.org/10.1007/978-3-319-77818-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-77818-1_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-77817-4
Online ISBN: 978-3-319-77818-1
eBook Packages: Computer ScienceComputer Science (R0)