The Research And Implementation Of Intrusion Detection System Based On Snort

Posted on: 2005-06-20
Degree: Master
Type: Thesis
Country: China
Candidate: X He
Full Text: PDF
GTID: 2168360152469165
Subject: Computer system architecture

Abstract/Summary:
Security problems have existed ever since computers first appeared. With the rapid expansion of the Internet and the rise of electronic commerce, people find it important to protect the security of data. When network security is mentioned, people think of the firewall first. Although a properly configured firewall can keep unexpected access requests from entering, it cannot check whether the data streams passing through it contain malicious code. Therefore, the Intrusion Detection System (IDS) emerged.

An analysis of many commercial NIDS products finds that most of them are very complex, difficult to configure and operate, and too expensive for many companies to buy. Snort is a powerful, open-source network IDS (NIDS) that can analyze data streams, log IP packets in real time and analyze protocols. It can also search and match packet content, detect a variety of attack methods, and raise alerts in real time when an attack occurs. In addition, Snort is highly extensible and portable. Moreover, Snort is released under the GPL, so any organization or individual that complies with the GPL can use it free of charge.

Based on the architecture and rules of Snort, this article analyzes the rule-matching algorithm of Snort, an open-source NIDS. To increase rule-matching speed effectively, some tentative work is done to add a breadth-first algorithm on top of the depth-first algorithm. Finally, the performance is analyzed through experiments. The results show that higher performance is achieved.
Keywords/Search Tags: Intrusion Detection System, Rule Tree, Rule Match, Depth-first algorithm, Breadth-first algorithm