
Research On Intrusion Detection Based On Pattern Matching

Posted on: 2007-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: C G Chen
Full Text: PDF
GTID: 2178360212495287
Subject: Computer application technology
Abstract/Summary:
With the fast development of information technology, security has become a key problem for information systems. As an active information assurance measure, intrusion detection is an effective complement to traditional protection techniques such as access control, firewalls, and identity authentication. Many intrusion detection systems are being studied and used today, but as the kinds and number of intrusions and the network bandwidth increase constantly, the accuracy and efficiency of intrusion detection systems cannot keep up with the need.

For a misuse-based intrusion detection system, string matching dominates the overall running cost, so the capability of the matching algorithm directly affects total efficiency. Considering this problem, the paper discusses some classical matching algorithms in detail and analyses their ranges of application, advantages, and disadvantages. On this basis, an AC-SA matching algorithm is presented. It uses a Suffix Machine to improve the efficiency of the AC machine.

At the same time, the detection process of a misuse-based intrusion detection system matches the packet payload against the rules in the rule library, so the structure of the rule library has a great effect on detection efficiency. Considering this issue, the paper improves the structure of the rule library. Because the old rule option chain is linear, the paper presents a new structure based on a binary tree, which can decrease the average matching length of rules.

The paper conducts numerous performance tests with Snort under the Linux operating system, with the emphasis on testing the performance of the AC-SA matching algorithm and the improved rule library. Analysis of the experimental results shows that they are basically consistent with the theory and that the performance of the intrusion detection system is improved to a certain extent.

Although the intrusion detection system is improved, some shortcomings remain, so the paper closes by describing future work.
Keywords/Search Tags: Intrusion Detection, Misuse-based Intrusion Detection, Pattern Matching, String Matching Algorithm, Rule List