Research On Distributed Intrusion Detection System Based On Snort

Posted on: 2008-11-13
Degree: Master
Type: Thesis
Country: China
Candidate: H B Chen
GTID: 2178360242998983
Subject: Computer technology

Abstract/Summary:
With the development of computer and network technology, network security has become an increasingly prominent concern. As a new generation of security technology following traditional protective measures such as firewalls and cryptography, the Intrusion Detection System (IDS) is becoming an important component of network security systems because of its capacity for real-time detection and rapid response. However, in high-speed network environments and large-scale applications, Distributed Intrusion Detection Systems (DIDS) and the performance of IDS are important subjects of research.

The detection engine is the core module of an IDS, and its main detection method is the pattern matching algorithm. Choosing or designing an excellent pattern matching method is therefore very important for IDS performance. In large-scale applications, reasonable deployment of the IDS is an effective way to improve performance.

This thesis studies DIDS, taking a typical system, Snort, as its subject. The work is divided into the following three parts:

1. It analyzes Snort's overall architecture and examines its program code, then gives a detailed analysis of Snort's multi-pattern set, its multi-rule inspection engine, and its string matching algorithms.
2. It shows by experiment that the length of the shortest pattern in the pattern set clearly affects the performance of the MWM algorithm. In view of the characteristics of how the pattern set is built, the pattern set is split by pattern length, and the BM algorithm is used followed by the MWM algorithm to improve the performance of the system. Simulation experiments show that this improvement enhances matching performance for a pattern set that contains a one-character pattern.
3. Finally, it studies DIDS and builds a three-layer system framework based on Snort's improved detection engine.

The work above is of significance to a project that is in progress.
Keywords/Search Tags:Intrusion Detection, Snort, multi-patterns set, MWM algorithm, Distributed Intrusion Detection System
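
The effect described in part 2 of the abstract, as an added example that is not code from the thesis or from Snort: a one-byte pattern forces the multi-pattern search to examine every offset, while splitting it out restores long shifts. Assumptions: a plain Wu-Manber search stands in for Snort's MWM, the Horspool simplification stands in for BM, and the function names, the length threshold of 3 and the sample data are all constructed for illustration.

```python
from collections import defaultdict

def horspool_find(text, pat):
    """Single-pattern BM search (Horspool bad-character rule): all match offsets."""
    m = len(pat)
    skip = {c: m - 1 - i for i, c in enumerate(pat[:-1])}
    hits, pos = [], 0
    while pos + m <= len(text):
        if text.startswith(pat, pos):
            hits.append(pos)
        pos += skip.get(text[pos + m - 1], m)
    return hits

class WuManber:
    """Plain Wu-Manber multi-pattern search; the window is the shortest pattern length."""
    def __init__(self, patterns, block=2):
        self.m = min(len(p) for p in patterns)
        self.b = min(block, self.m)
        self.default = self.m - self.b + 1      # largest possible shift
        self.shift, self.bucket = {}, defaultdict(list)
        for p in patterns:
            for j in range(self.b, self.m + 1):  # every block in the first m bytes
                blk = p[j - self.b:j]
                self.shift[blk] = min(self.shift.get(blk, self.default), self.m - j)
            self.bucket[p[self.m - self.b:self.m]].append(p)

    def search(self, text):
        """Return (sorted hits, number of windows examined)."""
        hits, windows, end = [], 0, self.m
        while end <= len(text):
            windows += 1
            blk = text[end - self.b:end]
            step = self.shift.get(blk, self.default)
            if step == 0:                        # block ends some pattern prefix: verify
                start = end - self.m
                hits += [(start, p) for p in self.bucket[blk] if text.startswith(p, start)]
                step = 1
            end += step
        return sorted(hits), windows

def split_search(text, patterns, threshold=3):
    """Short patterns go to BM one by one, the rest to Wu-Manber (threshold is assumed)."""
    short = [p for p in patterns if len(p) < threshold]
    rest = [p for p in patterns if len(p) >= threshold]
    hits = [(off, p) for p in short for off in horspool_find(text, p)]
    more, windows = WuManber(rest).search(text) if rest else ([], 0)
    return sorted(hits + more), windows

# Constructed sample input: four content strings and one request line.
PATTERNS = [b"/", b"cmd.exe", b"passwd", b"select"]
TEXT = b"GET /scripts/tools/cmd.exe?/c+dir HTTP/1.0"
```

Comparing the window count returned by `WuManber(PATTERNS).search(TEXT)` with the one returned by `split_search(TEXT, PATTERNS)` shows the difference: the unsplit set examines one window per byte of input, the split set only a handful.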