Date of Award

1-1-2009

Degree Name

Master of Science

Department

Electrical and Computer Engineering

First Advisor

Weng, Ning

Abstract

Security in computer networks has become an increasing concern with the increase in network tra±c. Signature-based Network Intrusion Detection Sys- tem(NIDS) is considered a preferable system in securing the network because of its e±cient detection capabilities. However, increasing tra±c rate and rapid increase in attack patterns in the present network requires this signature(pattern) match- ing engine to be fast, deterministic, recon¯gurable and memory-e±cient. Works like [2] use Deterministic Finite Automaton(DFA) to provide deterministic perfor- mance and also provide solutions to reducing the large memory requirements of this DFA. In my thesis, I have adapted this method of using a DFA and proposed a software-based pattern matching engine that provides the deterministic performance comparable to the hardware-based system along-with the portability of software. A novel state coding approach has been presented for achieving the pattern matching requirements. Also, two methods, \Split-DFA(SDFA)" and \Character Aware" are introduced to achieve e±cient state coding. The results verify the reduced memory requirement of proposed system in comparison to the memory-based DFA and also gives their performance. The deterministic performance of this system is studied for a real network scenario . This software-based pattern matching engine therefore contributes to the need of achieving a fast, programmable, portable and resource- e±cient pattern matching engine in securing the present network.

Share

COinS
 

Access

This thesis is only available for download to the SIUC community. Others should
contact the interlibrary loan department of your local library.