| As network speeds and detection workloads increase, the current software-based network intrusion detection system (NIDS) increasingly appears to be inadequate, so it is important for NIDSes to be highly efficient. Taking processing and memory resources into account, pattern matching and protocol analysis have become the most critical parts of signature-based NIDSes.The problem closely integrates protocol analysis and pattern matching technique, and normalizes into a single phase of the protocol pre-matching. Before the further time-cost analysis, NIDS rule out the non-attack traffic as soon as possible. It also can detect packets deeply to find and report a variety of malicious and misuse attacks, and then to block them. At the same time, we improve the basic and the exclusion-based pattern matching algorithm, with a view to bettering the performance of the system in the further process of matching.Pattern-matching algorithms have their own best application environment, but now there is no algorithm that is entirely suitable. Through the research and analysis of network traffic characteristics, rule set and processor architecture and etc., we explore sensitive factors which highly impact the performance of NIDS. Then we use mixed methods to achieve intelligent scheduling of pattern matching algorithm, so as to obtain better performance than a single algorithm can, according to the relevant parameters. |
PDF Full Text Request