| With the network security becoming more and more rigorous, intrusion detection system has been one of important components of computer network security defense system by its characteristic. Matching algorithms is pivotal algorithm of the intrusion detection system based on patterns matching. The efficiency of the matching algorithm used in the intrusion detection system decides the capability the system.This paper works over intrusion detection system, and study a network intrusion detection system named Snort, analyses the system structure. And analyses several classic matching algorithms and their capability, including BM algorithm, AC algorithm, AC_BM algorithm.Because of the defect of AC_BM algorithm, this paper proposes a multiple pattern matching algorithm based on sequential binary tree and analysis the space and time complexity of the original and proposed algorithms. The result of the experiment indicates that improved algorithm spends less time and the improving is effective.Finally, the analysis of the advantages and disadvantages about protocol analysis and the pattern matching is given. According to that, the dissertation proposes the architecture of intrusion detection system based on pattern matching and protocol analysis, and the system has many advantages such as high efficiency, high accuracy,low consumption of resources, etc. |
PDF Full Text Request