Network intrusion detection using string matching

Telugu, Praveen Kumar and Saha, Siddarth (2010) Network intrusion detection using string matching. BTech thesis.



Network intrusion detection system is a retrofit approach for providing a sense of security in existing computers and data networks, while allowing them to operate in their current open mode. The goal of a network intrusion detection system is to identify, preferably in real time,
unauthorized use, misuse and abuse of computer systems by insiders as well as from outside perpetrators.
At the heart of every network intrusion detection system is packet inspection which employs nothing but string matching. This string matching is the bottleneck of performance for the whole network intrusion detection system. Thus, the need to increase the performance of
string matching cannot be more exemplified.
In this project, we have studied some of the standard string matching algorithms and implemented them. We have then compared the performance of the various algorithms with
varying input sizes. The main focus of the project was the Aho-Corasick algorithm. In addition to using the default implementation of suffix trees, we have used a dense hash set and a sparse hash set implementation- which are libraries from the Google code repository-
and we show that the performance for these implementations are better. They give noticeable enhancement in performance when the input size increases.

Item Type:Thesis (BTech)
Uncontrolled Keywords:Network Intrusion, String Matching
Subjects:Engineering and Technology > Computer and Information Science > Information Security
Divisions: Engineering and Technology > Department of Computer Science
ID Code:1631
Deposited By:Praveen Kumar Telugu
Deposited On:17 May 2010 11:13
Last Modified:17 May 2010 11:14
Related URLs:
Supervisor(s):Jena, S K

Repository Staff Only: item control page