An Efficient Network Intrusion Detection System Using Prospective Backward Oracle Matching Algorithms: An Architectural Approach
Keywords:
Network Intrusion Detection System, Prospective Backward Oracle Matching, Snort, Kali Linux
Abstract
As technology advances, sophisticated attacks threaten the major defenses of networks, and it is now practically impossible to avoid security attacks completely. A Network Intrusion Detection System (NIDS) plays a vital role in network security by detecting the attacks that occur despite the best defensive methods. Most NIDS search engines use pattern matching algorithms as their core component to detect signatures in the packets they inspect, so the choice of pattern matching algorithm greatly affects NIDS performance. Challenges such as huge traffic volumes, high data speeds, and low detection rates also degrade the performance of many existing NIDS. To overcome these problems, this paper proposes an efficient layer-based NIDS architecture and designs Prospective Backward Oracle Matching (PBOM) algorithms that are applied at the respective layers. PBOM algorithms use reversed patterns and construct a factor oracle for better pattern matching and better results. A hash table mechanism is used to minimize the memory needed to store the state transitions. The PBOM algorithms are integrated into the Snort tool and deployed in a Kali Linux based environment. Experimental evaluation indicates that the proposed design with PBOM algorithms can achieve better detection accuracy, less packet loss, and fewer false alarms.
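The abstract names three building blocks: reversed patterns, a factor oracle, and a hash table for state transitions. The sketch below is an added illustration, not the paper's PBOM code (whose details this page does not give): it is the classic single-pattern Backward Oracle Matching algorithm that those blocks come from. The function names and the sample payload are constructed for this example.

```python
def build_factor_oracle(pattern: bytes) -> dict:
    """Factor oracle of `pattern`; transitions live in one hash table
    keyed by (state, byte) instead of a dense state x 256 array."""
    delta = {}
    supply = [-1] * (len(pattern) + 1)   # supply links; -1 marks "none"
    for i, c in enumerate(pattern):
        delta[(i, c)] = i + 1            # spine transition i -> i+1
        k = supply[i]
        while k != -1 and (k, c) not in delta:
            delta[(k, c)] = i + 1        # external transition
            k = supply[k]
        supply[i + 1] = 0 if k == -1 else delta[(k, c)]
    return delta


def bom_search(text: bytes, pattern: bytes) -> list:
    """Return every offset at which `pattern` occurs in `text`."""
    if not pattern:
        raise ValueError("pattern must be non-empty")
    m, n = len(pattern), len(text)
    delta = build_factor_oracle(pattern[::-1])   # oracle of the reversed pattern
    hits, pos = [], 0
    while pos <= n - m:
        state, j = 0, m
        # Read the window right to left; a missing transition proves the
        # suffix read so far is not a factor of the pattern.
        while j > 0 and state is not None:
            state = delta.get((state, text[pos + j - 1]))
            j -= 1
        if state is not None:
            hits.append(pos)             # all m bytes accepted: exact match
        pos += j + 1                     # shift past the failing byte (1 after a hit)
    return hits


# Constructed sample payload and signature content string.
SAMPLE = b"GET /download?file=../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(bom_search(SAMPLE, b"/etc/passwd"))
```

Because the oracle accepts exactly one word of length m (the reversed pattern itself), a window that survives all m reads needs no separate verification pass.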
Copyright (c) 2023 International Journal of Computer Information Systems and Industrial Management Applications
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.