
Improvement Of Pattern-Match Intrusion Detection System

Posted on: 2007-08-24
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
GTID: 2178360182483148
Subject: Computer application technology

Abstract/Summary:
Intrusion detection technology emerged because traditional security measures cannot satisfy increasingly rigorous demands, and its emergence has brought new vitality to computer security research. In intrusion detection, the speed of attack detection limits the effective load of network packets that can be handled. It is therefore important for a NIDS to use a pattern matching method that is both fast and effective. At the same time, a misuse-based intrusion detection system works by matching the packet payload against the rules in the rule library, so the structure of the rule library has a great effect on detection efficiency.

First, the paper reviews several classical matching algorithms and analyses their ranges of application, advantages and disadvantages. On this basis, a faster string searching algorithm (New-Search) is put forward. This algorithm makes full use of the information from every matching comparison to skip more characters before the next comparison.

Second, the paper improves the structure of the rule library. By optimizing the criterion for classifying rules, each rule belongs to only one rule chain. In addition, considering the difference in how frequently services are used, the ports of common services are placed at the front of the rule chains.

The paper conducts a number of performance tests with Snort under the Linux operating system, with emphasis on testing the performance of the exclusion-based matching algorithm and the improved rule library. The improved intrusion detection system still has some shortcomings, so the paper closes by outlining future work.
Keywords/Search Tags: Intrusion detection, Pattern matching, Rule library, Snort, Linux