
The Application And Research Of Intrusion Detection System-Snort

Posted on: 2010-06-15
Degree: Master
Type: Thesis
Country: China
Candidate: B Y Wei
GTID: 2178360275494545
Subject: Control theory and control engineering
Abstract/Summary:
In recent years the internet has developed explosively, which brings human society, the economy and culture infinite opportunity; meanwhile, it also poses a rigorous challenge to information security. People adopt anti-virus, firewall and intrusion detection technology, among others, to assure network security. With the development of network technology, intrusion detection has become a necessary component of the network security architecture.

The Snort intrusion detection system, a famous open source NIDS, can protect system information security effectively and has been widely researched and applied in industry. The Snort detection engine adopts a simple pattern matching strategy. As network bandwidth and the rule set grow, the detection load on Snort becomes heavier; therefore, Snort may miss some severe attacks. So it is crucial to design a highly efficient pattern matching algorithm for the intrusion detection system.

The main work of this paper includes the following three parts:

1. After introducing intrusion detection systems, the paper carries out a deep study of the network intrusion detection system Snort. By analyzing the modules of Snort's architecture, its working flow and its rules, the paper points out the performance bottleneck of Snort.

2. On this basis, the paper gives methods to improve Snort's performance. First, improved packet capture technology, which improves packet capture performance by using memory mapping and NAPI. Second, rule optimization technology, which improves the speed of rule matching by creating efficient rule sets. Third, a dynamic cache strategy is put forward, in which the recently and frequently used rule node pointers are stored in a cache block. Fourth, setting a threshold to ignore the statistical connection between packets.

3. An application plan for a Snort system model is proposed...
Keywords/Search Tags: Intrusion detection, Detection Performance, Application of Snort