关键词: DAWA, DawgMatch, 匹配回溯

Abstract:

The traditional multipattern matching algorithms like AC,BM do not meet the requirements of online outoforder stream reassembly when NIDS detects attack signature matches within packet payloads. As a famous accurate multipattern matching algorithm, DawgMatch is  generally used in NIDS as it can get the digests of the segment being scanned.Unfortunately,though it promotes the space usage by a 2tuple indexing factor with the help of the DAWA automaton, its matching speed still can not catch up with the need of online linear detection.To promote the performance of DawgMathch,we design a new algorithm WDawgMach based on it. WDawgMach makes use of weighted edges to eliminate the back trace problem of DawgMatch to achieve the linear matching speed.The performance analysis and experience shows that,by sacrificing the preprocessing time,WDawgMach improves the worst time complexity of DawgMatch and makes it comparable to algorithm AC.

Key words: DAWA;online outoforder reassembly;packet scan