Function and Data Parallelization of Wu-Manber Pattern Matching for Intrusion Detection Systems
Mazen Kharbutli, Monther Aldwairi, Abdullah Mughrabi
The safeguarding networks from malicious activities and intrusions continues to be one of the most important aspects in network security. Intrusion Detection Systems (IDSs) play a fundamental role in network protection. Unfortunately, the speeds of existing IDSs are unable to keep up with the rapid increases in network speeds and attack complexities. Fortunately, parallel computing on multi-core systems can lend a helping hand mitigating the performance gap. In this paper, novel and effective parallel implementations of the Wu-Manber (WM) algorithm for signature based detection system are proposed, implemented, and evaluated. The proposed function and data parallel algorithms prove to be effective in terms of execution time reduction and load balancing, thus providing swift intrusion detection at increased network bandwidths. The algorithm achieves an optimal load balance and an average speedup of 2 for four cores.
Keywords: Intrusion detection; pattern matching; parallel programming; Snort; Wu-Manber