| With the popularization and fast development of network, network users is facing increasingly serious security issues, thus network intrusion has become the most important threat to the computer security and network security. So network intrusion detection system (NIDS) appears as the keystone and hotspot in the computer security research field which emerges by the requirement of times. Intrusion detection system is a new type of safety protection technology after traditional security protection method such as firewall, data encryption and so on. It identifies vicious behaviors of using host and network resources. It not only detects the intrusion from the extranet intruder but also intranet users. Intrusion detection is an active protection technology of network safety.At present, network intrusion detection systems have met many challenges. There are two typical problems. The first one is how to increase the detecting speed to meet the requirement of the bandwidth increase. The second one is how to reduce false negative rate and false positive rate to enhance the accuracy of the detection.Pattern matching algorithm is an important part of the rule-based intrusion detection system. It directly influences the accuracy and real-time performance of the system. The most fashionable single pattern matching algorithms and multiple patterns matching algorithms are respectively studied in this paper. BM algorithm has a large preprocessing time overhead, pointing to this disadvantage, an improved algorithm which has better performance is presented; On the basis of in-depth analysis of AC_BM algorithm, absorbing the idea of QS algorithm, an improved AC_BM algorithm is presented. The biggest offsets in matching process of both improved algorithms are bigger than original algorithms. Secondly, this paper puts forward an intelligent detecting technology based on improved pattern matching algorithm and protocol analysis to solve the vast computing amounts and a high false positive rate of the traditional pattern matching method. The protocol analysis method takes good advantage of the regularity of the network protocol to detect the attack, so the computing amounts can be reduced clearly and the accuracy of the detection can be enhanced.Finally, this paper uses snort which is the most popular rule-based intrusion detection system as the experiment tool. Comparing with the snort, experimental data shows the new system model that based on improved pattern matching algorithm and... |
PDF Full Text Request