Research And Implement Of Pattern Matching Algorithm In Network Intrusion Detection System

Posted on: 2009-03-04
Degree: Master
Type: Thesis
Country: China
Candidate: W H Ma
Full Text: PDF
GTID: 2178360272979454
Subject: Communication and Information System
Abstract/Summary:
With the rapid development of computer and network technology, illegal attacks and sabotage are increasing, and network security is receiving growing attention. As an active defense measure, intrusion detection is effective in resolving the defects of traditional means of protection and has become a research focus in network security.

As network speeds continue to increase rapidly, speed bottlenecks have been found in intrusion detection, and the accuracy and real-time performance of such systems are seriously doubted. As one of the effective means of enhancing the performance of an intrusion detection system, the pattern matching algorithms used in the system are discussed and studied in depth.

The first part of the paper introduces the concepts related to intrusion detection and gives a systematic and complete analysis of the related technical domains. Intrusion detection systems are presented from different classification perspectives, and the development trend is analyzed.

According to the number of patterns matched simultaneously, matching algorithms are divided into single-pattern matching algorithms and multi-pattern matching algorithms. Single-pattern matching algorithms, for instance the BM algorithm and the QS algorithm, and multi-pattern matching algorithms, such as the Wu-Manber algorithm, are investigated in turn, and their performance and characteristics are discussed. The idea behind the improved Wu-Manber algorithm comes from the QS algorithm: the largest shift distance is increased to m+B characters, which gives the algorithm better performance.

To port the improved matching algorithm into an intrusion detection system, Snort, an open-source intrusion detection system, is investigated in detail. The essential part is the analysis of Snort's architecture and workflow. There is also a description of how the system's rules are set. Furthermore, the investigation emphasizes Snort's inspection engine, in particular the mechanism by which the pattern matching algorithm works in the engine; this research lays the foundation for improving the inspection engine.

Based on the analysis of how a pattern matching algorithm works in an intrusion detection system, and considering the characteristics of the inspection engine, the improved Wu-Manber algorithm is ported to the engine and its performance is tested. The experimental results show that the algorithm performs better.
Keywords/Search Tags:intrusion detection, pattern matching, Wu-Manber algorithm, Snort, inspection engine