Parallel Scalable Approximate Matching Algorithm

for Network Intrusion Detection Systems

Adnan Hnaif¹, Khalid Jaber¹, Mohammad Alia¹, and Mohammed Daghbosheh²

¹Faculty of Science and Information Technology, Al Zaytoonah University of Jordan, Jordan

²Faculty of Science and Information Technology, Irbid National University of Jordan, Jordan

Abstract: Matching algorithms are working to find the exact or the approximate matching between text “T” and pattern “P”, due to the development of a computer processor, which currently contains a set of multi-cores, multitasks can be performed simultaneously. This technology makes these algorithms work in parallel to improve their speed matching performance. Several exact string matching and approximate matching algorithms have been developed to work in parallel to find the correspondence between text “T” and pattern “P”. This paper proposed two models: First, parallelized the Direct Matching Algorithm (PDMA) in multi-cores architecture using OpenMP technology. Second, the PDMA implemented in Network Intrusion Detection Systems (NIDS) to enhance the speed of the NIDS detection engine. The PDMA can be achieved more than 19.7% in parallel processing time compared with sequential matching processing. In addition, the performance of the NIDS detection engine improved for more than 8% compared to the current SNORT-NIDS detection engine.

Keywords: Exact matching algorithms, approximate matching algorithms, parallel processing, network intrusion detection systems.

Received February 13, 2020; accepted June 17, 2020