
The Analysis And Improvement Based On Snort Intrusion Detection System

Posted on: 2010-01-22
Degree: Master
Type: Thesis
Country: China
Candidate: F Zhang
GTID: 2178360275996142
Subject: Computer application technology
Abstract/Summary:
Snort is a well-known open-source Network-based Intrusion Detection System (NIDS) that can effectively protect system information security, and it has been researched and used effectively in industry. Snort's detection principle is a simple pattern-matching strategy. In the detection process, it is therefore important for the NIDS to use a rapid and efficient pattern-matching method and to optimize the structure of the rule library. This paper analyzes the basic structure of an Intrusion Detection System as well as the Snort detection engine, and on that basis puts forward an improvement to Snort. The main contents of this paper are as follows:

1. Analyzing the Snort system with a profiler tool shows that system performance can be improved by optimizing the rules and using a more efficient pattern-matching method.
2. After analyzing the classical matching algorithms of the Snort detection engine, this paper proposes an improved algorithm based on BM and implements it.
3. Based on an analysis of the principle of the Snort detection engine, the structure of the rule library is improved and an optimized classification method for the rules is proposed.
4. A number of performance tests are conducted with the improved Snort. The results show that the performance of the system has improved and that the purpose of the improvement has been achieved.
Keywords/Search Tags: Snort, Pattern-matching, Detection Engine, Optimize