| With the rapid development of computer and network technology, more and more companies and individuals are surfing the internet. Network security becomes an unavoidable problem that people have to face. Traditionally, firewalls are the first line of defense. However, with more powerful hacking tools and more complex intrusion methods, firewalls alone can not protect the network. Under such circumstances, deeper level analysis and multiple methods are required.Since the 1990's, intrusion detection has been an active research filed. As an important component of detecting illegal activities and preventing computer and network from destruction, intrusion detection system (IDS) emerged.The unbelievable rapid speed with which computer network technology is developing and the emergence of Gigabyte Ethernet have made the current IDSs fall behind the development of network technology. Traditional intrusion detection methods are facing serious challenge.This paper introduces issues on the model of IDS, organization and classification. And then, introduces, up to date, the most famous open source IDS software--snort, and analyses the components of snort. After that this paper focuses on applying different string searching algorithms in IDS. Firstly, introduces the classical single pattern matching algorithms, and secondly according to the development of the pattern matching algorithm itself, introduces some multi-pattern matching algorithms. Thirdly, this paper chooses four multi-pattern matching algorithms out of most popular ones, those are Aho-Corasick algorithm, Aho-Corasick_Boyer-Moore algorithm, Modified Wu Manber algorithm and SFK algorithm. Then applies these four algorithms in IDS based on snort, and designs a test to compare the efficiency of them. Lastly, this paper gives the result of the test, this result can give some advices on how to choose pattern matching algorithm in IDS.At the end of this paper, a discussion of the trend of development on intrusion detection is given. |
PDF Full Text Request