With the flourishing development of network applications, network security and information security have become a greater concern for computer users. Intrusion detection, a technology that can examine attacks inside a computer system, whether present or past, is one of the most effective means of helping to protect network security.

Based on three different levels, intrusion detection technology can be classified into network intrusion detection, OS intrusion detection and application intrusion detection, each having its particular characteristics and functions. From the point of view of the detection method, intrusion detection technology can be categorized into intrusion detection based on behavior and intrusion detection based on information.

Having carefully studied the newest trends in intrusion detection technology and initially investigated the problems in the field of network security, the author focuses on the study of detection speed, which is so far the most challenging problem in network intrusion detection.

1. In the thesis, the analysis of data packet content, the element that affects detection speed most, is studied in depth and abstracted to a problem of fast multi-pattern matching.
2. The hashing method, which is usually applied to solve the problem of fast insertion and search, is introduced as the solution to fast multi-pattern matching.
3. In practice, the double-array hashing space method is applied in order to solve the problem of the large hashing space; according to the features of data packets and those of attack strings, a hashing function is selected for its high speed and efficiency; and detection speed is improved by decreasing the number of times each network packet is checked, by applying the various characteristic strings of the same length together with their corresponding patterns.
4. Several improvements are made to the hash-checking process using heuristic information provided by the patterns: the method of partitioning the scan zone is introduced to extract the heuristic information of the pattern group simply yet effectively, and, in view of the features of data packets, it is expected to suit cases with a larger number of patterns; the BM algorithm, which has the best speed in single-pattern matching, is adapted to carry out multi-pattern matching, and the revised blurry BM algorithm can extract the characteristics of the patterns more precisely and improve the speed of detection, making it suitable for cases with a smaller number of patterns...
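The same-length grouping described in item 3, as an added example that is not code from the thesis: signature strings of equal length share one hash table, so a packet payload is scanned once per signature length rather than once per signature. The polynomial rolling hash, the dictionary-based tables, and the sample signatures and payload are assumptions; the abstract does not specify its hashing function or the double-array layout.

```python
from collections import defaultdict

# Rolling-hash parameters: an assumption, not the thesis's hashing function.
BASE, MOD = 257, (1 << 61) - 1

def _hash(data: bytes) -> int:
    """Polynomial hash of a byte string."""
    h = 0
    for b in data:
        h = (h * BASE + b) % MOD
    return h

def build_index(signatures):
    """Group signatures by length: {length: {hash: [signature, ...]}}."""
    index = defaultdict(lambda: defaultdict(list))
    for sig in signatures:
        if sig:  # an empty signature would match everywhere; skip it
            index[len(sig)][_hash(sig)].append(sig)
    return index

def scan(payload: bytes, index):
    """Return sorted (offset, signature) hits, one pass per signature length."""
    hits = []
    for length, table in index.items():
        if length > len(payload):
            continue
        top = pow(BASE, length - 1, MOD)   # weight of the byte leaving the window
        h = _hash(payload[:length])
        for off in range(len(payload) - length + 1):
            if off:  # slide the window one byte to the right
                h = ((h - payload[off - 1] * top) * BASE
                     + payload[off + length - 1]) % MOD
            # A hash hit is only a candidate: confirm byte-for-byte so that
            # collisions never produce a false alert.
            for sig in table.get(h, ()):
                if payload[off:off + length] == sig:
                    hits.append((off, sig))
    return sorted(hits)

# Constructed sample data for illustration (not taken from the thesis).
SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"<script", b"../../"]
PAYLOAD = b"GET /cgi-bin/view?file=../../../../etc/passwd HTTP/1.0\r\n"

if __name__ == "__main__":
    for offset, sig in scan(PAYLOAD, build_index(SIGNATURES)):
        print(offset, sig)
```

Here `cmd.exe` and `<script` have the same length, so both are checked against the single window hash computed at each offset.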