Pattern matching of signature-based IDS using Myers algorithm under MapReduce framework

@article{Aldwairi2017PatternMO,
  title={Pattern matching of signature-based IDS using Myers algorithm under MapReduce framework},
  author={Monther Aldwairi and Ansam M. Abu-Dalo and Moath H. A. Jarrah},
  journal={EURASIP Journal on Information Security},
  year={2017},
  volume={2017},
  pages={1-11}
}
The rapid increase in wired Internet speed and the constant growth in the number of attacks make network protection a challenge. Intrusion detection systems (IDSs) play a crucial role in discovering suspicious activities and also in preventing their harmful impact. Existing signature-based IDSs have significant overheads in terms of execution time and memory usage mainly due to the pattern matching operation. Therefore, there is a need to design an efficient system to reduce overhead. This… 
Design and Implementation of Network Intrusion Detection System on the Apache Hadoop Platform
TLDR
The goal of this paper is the implementation of Intrusion Detection System (IDS) on the Apache Hadoop platform to enable task parallelization on multicore processors and the obtained results show that proposed Hadoops based IDS is about 25% faster then the Snort IDS.
Characterizing Realistic Signature-based Intrusion Detection Benchmarks
TLDR
A pattern-matching engine that enables researchers to plug-and-play their new pattern matching algorithms and compare to existing algorithms using the predefined metrics, and a generic parser capable of parsing different intrusion detection systems rule formats and extract attack signatures are provided.
A New Multi-threaded and Interleaving Approach to Enhance String Matching for Intrusion Detection Systems
TLDR
A new multi-threaded and interleaving approach of Aho-Corasick using graphics processing units (GPUs) is designed and implemented to achieve high-speed string matching and achieves more than 5X speedup over the sequential and other parallel implementations.
KPN-based parallelization of Wu–Manber algorithm on multi-core machines
TLDR
The proposed KPN-based parallelization achieves up to 4× speedup over the serial implementation of the Wu–Manber algorithm and the algorithm performance scales well with increasing workloads and the speedup up remains almost constant with increasing number of attack signatures.
Intrusion Detection Systems Using Blockchain Technology: A Review, Issues and Challenges
TLDR
The importance of integrating blockchain with intrusion detection systems based on blockchain technology is explored and important future research directions and trending topics in intrusion detection system based on Blockchain technology are suggested.
Security techniques for intelligent spam sensing and anomaly detection in online social platforms
TLDR
This research provides a comprehensive related work survey and investigates the application of artificial neural networks for intrusion detection systems and spam filtering for OSNs and uses the concept of social graphs and weighted cliques in the detection of suspicious behavior of certain online groups.
INSecS: An Intelligent Network Security System
TLDR
The proposed Intrusion Detection System is a novel, distributed IDS that is able to perform in real-time in a distributed system that detects multi-step attacks faster by updating the system rules when a reconnaissance attack is detected, without any human intervention.
A Local Feature Engineering Strategy to Improve Network Anomaly Detection
TLDR
A Local Feature Engineering (LFE) strategy aimed to face problems through the adoption of a data preprocessing strategy that reduces the number of possible network event patterns, increasing at the same time their characterization.
A Survey on Intrusion Detection System Using Data Mining Techniques
TLDR
This survey studies various techniques like k-means clustering, ANN, fuzzy neural network SVM classifiers, AODV based LDK model with AES, k-nearest neighbor classifier, GNS, Naive Bayes, Support vector machines (SVM), J48(C45) with Random Forest, Random Forest with Random Tree Classifiers which have been implemented using serial algorithm.
...
...

References

SHOWING 1-10 OF 38 REFERENCES
Hybrid Multithreaded Pattern Matching Algorithm for Intrusion Detections Systems
TLDR
A hybrid Aho-Corasick (AC) and Wu-Manber (WM) pattern matching algorithm for speeding up IDS is proposed, the premise is that AC performs better for short patterns while WM outperforms AC for longer patterns.
Exscind: Fast pattern matching for intrusion detection using exclusion and inclusion filters
  • M. Aldwairi, Duaa Alansari
  • Computer Science
    2011 7th International Conference on Next Generation Web Services Practices
  • 2011
TLDR
A novel and fast software-based pattern matching algorithm to reduce the number of times to perform pattern matching is presented, which filters out the clean traffic without requiring pattern matching and weeds out suspicious packets to be searched using a specially modified Wu-Manber pattern matching algorithms.
Function and Data Parallelization of Wu-Manber Pattern Matching for Intrusion Detection Systems
TLDR
Novel and effective parallel implementations of the Wu-Manber (WM) algorithm for signature-based detection systems are proposed, implemented, and evaluated and prove to be effective in terms of execution time reduction and load balancing, thus providing swift intrusion detection at increased network bandwidths.
Building Scalable Distributed Intrusion Detection Systems Based on the MapReduce Framework
TLDR
The proposed architecture is able to efficiently handle large volumes of collected data and consequent high processing loads, seamlessly scaling to enterprise network environments and is capable of detecting complex attacks through the correlation of information obtained from different sources.
Efficient Packet Pattern Matching for Gigabit Network Intrusion Detection Using GPUs
TLDR
An efficient GPU-based pattern matching algorithm is presented by leveraging the computational power of GPUs to accelerate the pattern matching operations to increase the over-all processing throughput.
Gnort: High Performance Network Intrusion Detection Using Graphics Processors
TLDR
An intrusion detection system based on the Snort open-source NIDS that exploits the underutilized computational power of modern graphics cards to offload the costly pattern matching operations from the CPU, and thus increase the overall processing throughput.
FPMR: MapReduce framework on FPGA
TLDR
FPMR, a MapReduce framework on FPGA, which provides programming abstraction, hardware architecture, and basic building blocks to developers so that more attention can be paid to the application itself and the speedup of this framework is demonstrated.
Evaluating MapReduce for Multi-core and Multiprocessor Systems
TLDR
It is established that, given a careful implementation, MapReduce is a promising model for scalable performance on shared-memory systems with simple parallel code.
A Parallel AC Algorithm Based on SPMD for Intrusion Detection System
TLDR
A parallel AC algorithm based on multi-core processors is designed and shown to improve the efficiency of intrusion detection by analyzing the potential parallelism of the AC algorithm and using SPMD method.
Bit-Parallel Multiple Approximate String Matching based on GPU
...
...