Research And Implementation Of Pattern Matching Algorithms Based High-speed Network Intrusion Detection System

With the rapid development of computer and network techniques, computer&network security has been the key to the national economic development and also an important part of the national defense security. It is an urgent task to detect and prevent intrusion events, secure the computer system and the whole information infrastructure. Network intrusion detection has been becoming the research hotspot in the field of network security as an active security defending technique. Because network scale is expanding with unbelievable rate and network technology develops quickly, especial the connection rate enhances continuously. Current the performance of NIDS can hardly catch up with the speed of network so that conventional detection method face to serious challenge .First of this thesis, on the basis of thorough analysis of network security and intrusion detection techniques, the shortage of the IDS and the vital significance of improving the IDS performance are pointed out. And pattern match which is applied widely is introduced and analyzed systematically. Several representative single pattern matching and multination pattern matching algorithms are contrastively analysed. In light of the problem and bottleneck of AC_BM algorithm, a new algorithm-I_AC_BM algorithm which has longer steps that can mend the problem is presented. And pseudo-code of this algorithms is brought forward. It shows analytically and experimentally that the new improved algorithm is faster in the searching larger sets of patterns with living example. And afterwards I choose this new algorithm to improve the Snort's Detection Engine, and an improved scheme is presented. In the end the development trend of intrusion detection are put forward.The main work and contribution of this thesis:The pattern matching algorithms of the intrusion detection are analyzed detailedly. Two lacks of AC_BM algorithm are pointed out.In light of the lacks of AC_BM algorithm, a new algorithm-I_AC_BM algorithm is presented. And we testified which has longer steps and better efficiency that can mend the problem.Combining the system structure of snort, I_AC_BM algorithm is applied to intrusion detection system. A improved scheme and realization mechanism of this algorithm are presentedThe vital significance of this thesis lies in which increased the examination efficienc, decreased the occurrence of missing-report, omitting-report and DOS attack.