Multi-Pattern Boyer-Moore - Horspool Algorithm based Hashing Function for Intrusion Detection System

Awsan A. Hasan, Nur' Aini Abdul Rashid, Muhannad A. Abu-Hashem, Atheer A. Abdulrazzaq
2013 Lecture Notes on Information Theory  
Every day, networks are expanding on a very large scale and running at very high speed. The Intrusion Detection System (IDS) has become an essential part of any new network structure. The IDS relies on string matching algorithms to detect any signature attack, but the high speed of modern networks prevents the IDS string matching algorithms from working properly. There is a need to develop robust IDS string matching algorithms to overcome these weaknesses. In this paper, we ... ue to developing Boyer-Moore Horspool algorithm by adding a new multi-pattern hashing feature to its original structure, which is called MPH-BMH. The developed algorithm is able to reduce the matching time because it can compare a group of patterns at one time. The results show that MPH-BMH is around 50% faster than the BMH and QS algorithms, so it can scan and match a large number of network packets in a given time and can consequently be very useful in high-speed networks.

Index Terms: IDS, string matching algorithms, multi pattern matching, hash function.
doi:10.12720/lnit.1.2.69-72 fatcat:k5mpd4vduvgrtlxcs6fldbx6hy