Academic Journals Database
Disseminating quality controlled scientific knowledge

PARALLEL QUICK SEARCH ALGORITHM TO SPEED PACKET PAYLOAD FILTERING IN NIDS

Author(s): ADNAN A. HNAIF | MOHAMMAD ALHALAIQAH | OMAR ABOUABDALLA | SURESWARAN RAMADASS | MOHAMMED M. KADHUM

Journal: Journal of Engineering Science and Technology
ISSN 1823-4690

Volume: 4;
Issue: 2;
Start page: 220;
Date: 2009;

Keywords: NIDS | Exact string matching algorithms | Snort | OpenMP | Pthread

ABSTRACT
An Intrusion Detection System (IDS) is a system that detects intruders who try to hack into the network and steal information, and reports them to the network administrator. Many tools are used in this field; Snort is considered one of the most widely used tools in Network Intrusion Detection Systems (NIDS). Snort uses its rule sets to determine which packets are allowed to pass and which are rejected, even though string matching consumes 31% of its total processing, and 80% of total processing in the case of web-intensive traffic. In this paper, we parallelized the Quick Search algorithm in C using OpenMP and Pthread (POSIX) and compared the two; we determine the required number of threads according to many factors. By doing this, we managed to speed up the filtering process by more than 40%. Finally, we applied the proposed method to NIDS to enhance the speed of the matching process between incoming packet contents and Snort rule sets.