| With the rapid development of communication technology and computer technology, computer network has to be the main way of information exchange. More and more countries, companies and users connect to the Internet, and network security become increasingly important. Firewalls can block the attacks against to network layer and transport layer, but it can not prevent the attacks against to application layer. Intrusion detection system can detect the attacks, but it can not block the attacks. In addition, it may produce a flood of alarm information because of its false alarm. Therefore, intrusion prevention system came into being. It can detect accurately the layers from network layer (layer 3) to the application layer (layer 7), and take preventive measures against with the attacks. Intrusion prevention system can make up the deficiencies of the firewall and intrusion detection system.Intrusion prevention system connects to the network in in-line way, so its performance becomes a priority. If its performance is poor, it will become a bottle neck. The detection engine is the key technology of intrusion prevention system. Therefore, improving detection speed can improve the performance of intrusion prevention system. Pattern matching technology is commonly used in the detection engine.This paper analyzes kinds of typical pattern matching algorithms: KMP algorithm, BM algorithm, BMH algorithm, BMHS algorithm, AC algorithm and AC-BM algorithm. Then, an improved algorithm based on AC-BM algorithm is proposed. The improved algorithm constructs pattern tree based on binary tree, and it can reduce the time. In addition, the algorithm increases the moving distance of pattern tree, reduces the comparing times by using the bad-character rule of improved BMHS algorithm. Experiments show that the improved algorithm can accelerate the matching speed and has a good time performance. |
PDF Full Text Request