Source of Publication
Journal Of Digital Forensics Security And Law
With the increasing number and severity of attacks, monitoring ingress and egress network traffic is becoming an essential everyday task. Intrusion detection systems are the main tools for capturing and searching network traffic for potential harm. Signature-based intrusion detection systems are the most widely used, and they simply use pattern matching algorithms to locate attack signatures in intercepted network traffic. Pattern matching algorithms are very expensive in terms of running time and memory usage, leaving intrusion detection systems unable to detect attacks in real time. We propose a Bloom filters optimized Wu-Manber pattern matching algorithm to speed up intrusion detection. The Bloom filter programs the hash table into a vector, which is quickly queried to exclude unnecessary searches. On average, hash table searches are avoided 10.6% of the time. The proposed algorithm achieves a best-case speedup of 66% and a worst-case speedup of 33% over Wu-Manber at the cost of a 0.33% increase in memory usage.
Embry-Riddle Aeronautical University/Hunt Library
network security, intrusion detection systems, pattern matching, Wu-Manber, Bloom filters
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Aldwairi, Monther; Al-Khamaiseh, Koloud; Alharbi, Fatima; and Shah, Babar, "Bloom Filters Optimized Wu-Manber for Intrusion Detection" (2016). All Works. 5082.
Indexed in Scopus
Open Access Type
Gold: This publication is openly available in an open access journal/series