| Security in computer networks has become an increasing concern with the increase in network traffic. Signature-based Network Intrusion Detection System (NIDS) is considered a preferable system in securing the network because of its efficient detection capabilities. However, increasing traffic rate and rapid increase in attack patterns in the present network requires this signature (pattern) matching engine to be fast, deterministic, reconfigurable and memory-efficient. Works like [2] use Deterministic Finite Automaton (DFA) to provide deterministic performance and also provide solutions to reducing the large memory requirements of this DFA. In my thesis, I have adapted this method of using a DFA and proposed a software-based pattern matching engine that provides the deterministic performance comparable to the hardware-based system along-with the portability of software. A novel state coding approach has been presented for achieving the pattern matching requirements. Also, two methods, "Split-DFA (SDFA)" and "Character Aware" are introduced to achieve efficient state coding. The results verify the reduced memory requirement of proposed system in comparison to the memory-based DFA and also gives their performance. The deterministic performance of this system is studied for a real network scenario. This software-based pattern matching engine therefore contributes to the need of achieving a fast, programmable, portable and resource-efficient pattern matching engine in securing the present network. |
