Pattern matching is a very important detection method for Network IntrusionDetection System, and it has a directly influence on the real-time performance of theIntrusion Detection System(NIDS). But as network has developed towards rapid andbroadband, the detection speed is becoming a performance bottleneck of the detectionsystem. This paper firstly introduces the principle of pattern matching and its applicationin NIDS. Then we study the main pattern matching algorithms now using in IDS such asBM, AC and AC-BM, after that we bring forward an improved algorithm named MAC,and analyze both of their time complexity and apace complexity. The improvedalgorithm can match many patterns at one time and it obtains bigger skip value, so it canmatch patterns quicker than other algorithms. Finally these algorithms are all implementedin text test and network packets detection, and experiments indicate that the improvedalgorithm MAC provides a significant improvement in pattern matching performance when itis used in an Intrusion Detection System. |