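% Antonatos et al., "Piranha" (IFIP/SEC 2005): pattern matching for signature-based NIDS.
% The DOI is stored bare, without LaTeX escaping, so it still resolves when a style wraps it in a link.
% Author initials are plain text; the exported escaped braces would print as literal { } characters.
@inproceedings{e55fc6ad6537410a8485879fdb782efc,
  author    = {Antonatos, S. and Polychronakis, M. and Akritidis, P. and Anagnostakis, K. G. and Markatos, E. P.},
  title     = {{Piranha}: Fast and Memory-Efficient Pattern Matching for Intrusion Detection},
  editor    = {Qing, Sihan and Okamoto, Eiji and Yoshiura, Hiroshi and Sasaki, Ryoichi},
  booktitle = {Security and Privacy in the Age of Ubiquitous Computing -- {IFIP} {TC11} 20th International Information Security Conference},
  series    = {IFIP Advances in Information and Communication Technology},
  publisher = {Springer New York LLC},
  year      = {2005},
  pages     = {393--408},
  isbn      = {9780387256580},
  doi       = {10.1007/0-387-25660-1_26},
  language  = {English},
  keywords  = {intrusion detection, network monitoring, network performance, network security, pattern matching},
  note      = {IFIP TC11 20th International Information Security Conference, IFIP/SEC2005; Conference date: 30-05-2005 Through 01-06-2005},
  abstract  = {Network Intrusion Detection Systems (NIDS) provide an important security function to help defend against network attacks. As network speeds and detection workloads increase, it is important for NIDSes to be highly efficient. Most NIDSes need to check for thousands of known attack patterns in every packet, making pattern matching the most expensive part of signature-based NIDSes in terms of processing and memory resources. This paper describes Piranha, a new algorithm for pattern matching tailored specifically for intrusion detection. Piranha is based on the observation that if the rarest substring of a pattern does not appear, then the whole pattern will definitely not match. Our experimental results, based on traces that represent typical NIDS workloads, indicate that Piranha can enhance the performance of a NIDS by 11\% to 28\% in terms of processing time and by 18\% to 73\% in terms of memory usage compared to existing NIDS pattern matching algorithms.},
}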