Multithreaded Scalable Matching Algorithm For Intrusion Detection Systems
Date
2010-05
Authors
Hnaif, Adnan Ahmad Abdelfattah
Publisher
Universiti Sains Malaysia
Abstract
The increasing speed of today’s computer networks directly affects the performance
of Network Intrusion Detection Systems (NIDS) in terms of the speed at which threats
are detected. Therefore, the performance of the existing algorithms needs to be improved,
in both sequential and parallel form, to enhance the speed of the detection engine used in
SNORT-NIDS. Hence, this thesis defines a new algorithm called the Distributed
Packet Header Matching algorithm (DPHM), and a New Network Intrusion
Detection Systems (NNIDS) platform using hybrid technology, in order to increase
the overall performance of SNORT-NIDS.
The DPHM algorithm converts the header rule sets into weights and stores them in a
lookup table. It then matches the headers of incoming packets against the header rule sets.
The speed of the SNORT-NIDS matching process is enhanced using the proposed
learning process, which is contained within the DPHM algorithm.
Furthermore, the NNIDS platform distributes the payloads of incoming packets under
two scenarios. In the first scenario, the incoming packet payloads are distributed
among the available processors in a shared memory architecture using the Message Passing
Interface (MPI) library. In the second scenario, the incoming packet payloads are
distributed among the available multi-core processors using a
hybrid of the MPI library and the OpenMP library in a shared memory architecture.
Keywords
Multithreaded scalable matching algorithm, for intrusion detection systems