Pattern Recognition (Technical Insights)
Frost & Sullivan, Sep 2006
A detailed technological assessment of the emerging pattern matching techniques/algorithms and products pertaining to network intrusion detection and network security applications, from around the globe. This Frost & Sullivan research service, entitled Pattern Recognition, provides that assessment together with an insight into the future of these technologies. In this research service, Frost & Sullivan's expert analysts thoroughly examine pattern recognition as implemented for network security and the related algorithmic developments for intrusion detection.
Technologies
The following technologies are covered in this research:
- Behavior Analysis
- Intrusion Detection
- Content Filtering
Technology Overview
Importance of Network Security Drives Innovation in Pattern Recognition
Pattern matching algorithms for network security have been in development for many years. Network security is extremely important in modern-day communications systems and is likely to be a key driver for sustained innovation in the pattern recognition industry. Today, researchers are focusing on developing advanced matching techniques that support regular expressions, long signatures, IPv6, and so on, with faster throughput, and they have developed many coprocessors to enable this. The drive to develop advanced pattern recognition techniques has also generated considerable interest in designing a mechanism that performs pattern matching by using only longest prefix matching (LPM) operations. In this way, ‘security switches’ based on the hardware platforms of current Layer-3 switches can be designed. The trend in network security is to develop technologies for network access control (NAC), as most attacks are being launched from inside the network, notes the analyst of this research service. Therefore, these ‘security switches’ are likely to become increasingly important in the years to come. High-speed pattern matching algorithms (>10 Gbps) are also extremely important for NAC. As far as complex combination pattern matching is concerned, there have been significant advances in the literal or classification areas, as seen in the growing shift from Non-deterministic Finite Automata-Perl Compatible Regular Expressions (NFA-PCRE)-based approaches to combination-oriented Deterministic Finite Automata (DFA) approaches. In the future, most solutions for pattern matching in the intrusion detection, antivirus, and anti-spam areas are expected to be based on DFA-based approaches.
Focus Shifts to Hybrid Solutions for Pattern Matching
The move from the traditional NFA-PCRE-based approach to DFA shifts the focus toward using both hardware and software implementations for intrusion detection, thereby overcoming the limitations of each. Conventional intrusion detection systems face various problems, which provide ample opportunities to develop more efficient hybrid solutions. These solutions are being developed to integrate both static methods of detection, such as pattern matching, and information on the dynamic state of the system, such as users’ behavioral profiles generated by audit logs and so on. The pattern recognition industry is shifting toward more hybrid solutions because pattern matching is not very evolved as a detection methodology, and even slight changes in the attack pattern in networks are capable of causing the technique to fail. This explains why the network security industry is shifting toward a combination-oriented pattern matching solution such as DFA that combines heuristics, pattern matching, content analysis, protocol analysis, and anomaly detection, says the analyst. The DFA is a kind of sub-element in the classification of an intrusion or a virus signature.