| With network safety problem gradually austere,IDS on its characteristic having made up the deficiency of tradition safe protection,becoming the important component of the computer and the network safety. Rule matching is the core of IDS owing to the characteristic,rule matching efficiency decides the capability of the IDS.The article is based of studying the IDS and analyzing Snort2.4.4. It includes system structure and rule organization form of Snort, further explains systematic operating principle and establishes the basis of revising the detecting engine.The analysis in this thesis has been carried out on several classical algorithmic pattern matching principle,such as the single-pattern matching algorithm is BM algorithm,muti-pattern matching algorithm is WM and MWM that is Snort system are acquiesced in being put into use.The thesis is aimed at algorithmic deficiency of MWM ,and divides the pattern strings into two set. The length of patterns are smaller than 3 are in a group,others are in another group,and then apply MWM algorithm respectively. To cut down the mating node numbers and the mating time it increased the hash conflict arranging mathod.The thesis has carried out improvement on rule listing framework of organization at the same time.The law improvement development applying the rule port listing is adjusted,has used improved algorithm and operation tested in Snort2.4.4 system. Comparison with primary system,this thesis has reached the time consumed with improving detecting system falling off to some extent,has confirmed the validity and pragmatism improving. |
PDF Full Text Request