| With the rapid development of the network technology and the continual opening for Internet, the kind and the importance of network application increase day by day, and the behavior of network attacks is more and more serious, so it is more and more challenging to ensure network security. Various kinds of traditional static security defense system, such as fire wall, identity authentication and data encryption, can't already adapt to the current network security state. Then intrusion detection system came into being and IDS based on pattern-matching is applied widely because of its high detection accuracy, low false alarm rate and strong practicability.Network develops fast with an incredible speed in recent years. Technology of network varies from day to day. Emergence of large-scale network and Gigabit Ethernet makes it very difficult for the current NIDS to keep up with the pace of the rapid development of network and traditional methods of intrusion detection face serious challenges. NIDS can exist in name only if because a large number of network data can't be processed in time and some actions of invasion are omitted. At present, pattern-matching operation is the key to the practical NIDS. Thereby increasing the efficiency of pattern-matching algorithm is a key to improve the detection ability of system. Improving existing pattern-matching algorithm is pressing.First, this thesis analyses the current condition and development trends of intrusion detection and its algorithms and draws some conclusions, followed by introducing the definition , composition, classification and standardization of intrusion detection system and focuses on the research of the core technology of NIDS—intrusion detection algorithm. Also the advantages, disadvantages and trends of existing popular algorithms are introduced. Then a simple introduction of typical NIDS called Snort is presented.Pattern matching algorithm is the key algorithm of intrusion detection system based on characteristics matching. It is widely used in current intrusion detection equipment. The efficiency of pattern matching determines the performance of intrusion detection system. In this paper, pattern-matching algorithms used in the IDS have been studied, including the simple pattern-matching algorithm and the classical BM, KMP single pattern matching algorithm, BMH and QS algorithm, as well as AC and AC-BM algorithms. And the performances of various algorithms are analyzed.Improvement for BM algorithm and AC-BM algorithm is the key content of this paper. First of all, experiments are done to prove the deficiency of the rule of Good Suffix in the BM algorithm followed by analysis of the rule in theory. Next, experiments are done to prove the effectiveness of the NBM algorithm which is an improvement of BM algorithm. Finally, based on the NBM algorithm, a new idea is put forward about the improvement of AC-BM algorithm. |
PDF Full Text Request