Research On Pattern Matching Of Network Intrusion Detection And The Analysis Of The Correlative System's Performance

With the enlarging scale and deeper application of network, network security is becomming more and more serious. The illegal attack to the network and its information is one of the main threats to network security, so it has become more and more important to protect them. Although Encryption, Authentication, Firewall and other traditional network security technology have taken some effect, but they only provide passively defense, thus can't satisfy the demand of the network security completely. Intrusion Detection as a kind of new, initiative defiance technology comes into spotlight, and plays an important role in various situations. Currently, hybrid intrusion system, which integrates network intrusion system and host intrusion system, has the highly practical and research value.After comparing several pattern matching algorithms, we put forward a kind of improved pattern matching algorithm called BMHSY, then basing on some research on network intrusion system and host intrusion system, we give a Hybrid Intrusion Detection System, which combines the advantage of BM, BMH and BMHS, at last present performance analysis in actual environment. The main work of this paper is as follows.(1) By comparing BM, BMH and BMHS pattern matching algorithm, we give a improved pattern matching algorithm which used of the thought of BM algorithm, and combined the advantage of BMH and BMHS. We also carry on the theories to prove the improvement.The new algorithm is easier to implementation than BM, more efficiency and quicker than BMHS and more efficiency than BMH under most condition.(2) Combined the characteristics of network intrusion system and host intrusion system, we design a hybrid intrusion system that can discover network intrusion and host intrusion. This system, which adopts the compound distribute structure, resolves single expired problem within the tradition distribute structure.(3) After analyzed the hybrid system's performance in realistic environment with function testing, stress & evasion testing, withstand attack testing, data set attack testing, the system is proved to be higher intrusion efficiency and lower mistake checking rate, and can satisfy the demanding of daily using.